Skip To Main Content
4 Cybersecurity Trends to Watch This School Year
Connor Gleason

With a flurry of back-to-school activities, welcome events, and the start of another busy admissions season, school cybersecurity can easily fall to the wayside as schools and districts return to their normal routines. As a new academic year begins, its critical schools are familiar with the challenges in cybersecurity and what they can do to mitigate risk and prepare for potential breaches in data security. 

To take us into the school year, one of the biggest issues in IT and data security has been the level of awareness and preparedness of cybersecurity within schools, despite the rise of threats within education. Ransomware and malware attacks, data breaches, and phishing attempts continue to present problems for schools, raising important questions about access to resources, staffing, and adequate training to avoid potential disasters. 

Let’s talk about some of the biggest trends to watch in cybersecurity this school year and what to do about them.

1. Open source websites remain vulnerable

Without proper oversight and support, open source web hosting services like WordPress, Drupal, and Squarespace still remain a favorite target for cyberattacks. As one of the most popular website builders powering nearly one-third of the internet, WordPress is once again under scrutiny for recent and real “fake” ransomware attacks that invite unauthorized access to sensitive information.

"Despite open-source software's essential role in all software built today, it's far too easy for bad actors to circulate malicious packages that attack the systems and users running that software," said Caleb Brown, a member of the Google Open Source Security Team. 

Still, school websites that utilize an open-source solution remain under the threat of bugs that are exploited and used to upload malicious files to an affected website, leading to a complete site takeover, for example.

In a recent crackdown, Google identified over 200 malicious code packages in one month, adding that it’s just too simple to slip rogue code into larger open-source software projects, often with dangerous consequences.

2. Continued threats of ransomware attacks

School websites have increasingly been the target of cybercriminals looking for chaos in exchange for larger payouts. Ransomware attacks, significant downtime, and breached sensitive data pose significant threats to students, families, donors, and educators alike, making US school districts the number one target of cyberattacks and ransomware infections. Just recently a disruptive attack on the Los Angeles Unified School District prompted password changes for 540,000 students and 70,000 district employees.

"It is the No. 1 threat to our safety. It is an invisible foe and it is tireless." MICHEL MOORE
Chief of the LA Police Department

With ongoing political debates at the forefront of education, coupled with threats of violence at schools, and the continued response to the pandemic, the last thing any educational professional wants to deal with is a debilitating and expensive cyberattack on schools. 

But despite these ongoing threats and alarms raised by IT and data professionals, recent reports suggest that educational leadership is failing to grasp the threat at hand, causing many schools and districts to be caught unprepared, under-resourced, and at the mercy of cybercriminals.

In 2021 alone, 67 individual ransomware attacks affected 954 schools and colleges by one estimate, enough to affect over 950,000 students across the country. As hackers disrupt learning services, corrupt web infrastructure, or hold school data privacy at large, the ransom demands for K-12 schools have ranged from $5,000 to $40 million, with an average payment of $268,000.


3. A reactive approach to web security

With recent findings presented in the recent The State of EdTech District Leadership, an annual survey and report of K-12 IT leaders by the Consortium for School Networking (CoSN), cybersecurity remains the top priority for K-12 technology leaders, but many underestimate the risk attackers pose to their districts and take a reactive, rather than proactive approach.

The survey found that most districts feel they don’t have the resources to dedicate a qualified staff member to secure their networks and protect student data — an issue worsened by more and more professionals leaving the field of education.

Still, a little more than half of the IT professionals said their schools lack adequate staffing to support and protect teachers who are making the most out of digital learning devices in the classroom, a growing divide thanks to the increasing number of devices required for digital and hybrid learning.

But without higher salaries to offer, many schools and districts are unable to find qualified IT professionals with cybersecurity expertise. "As cyber-attacks become more sophisticated,” the report states, “greater expertise is needed to combat them, and the demand for those skills increases."

According to the survey, just one in five school districts has a staff member dedicated to cybersecurity, with 21 percent of districts outsourcing the management of network security to private third parties. Perhaps there’s a false (and ironic) sense of security within schools, given that the majority (61%) have some sort of cybersecurity insurance.

4. Lack of resources to protect data

Cybersecurity awareness appears to be an ongoing issue among teachers and administrators. Recent findings presented in the iboss’ National K-12 Education Cybersecurity Report by Project Tomorrow say about 60 percent of tech leaders feel current staffing isn’t adequate to meet the needs of their district to protect data information and resources.

And despite a rising threat, one survey reported that only 18 percent of technology leaders saw an increase in their IT department budget to specifically address cybersecurity, while 47 percent said that there was no change in their budget for cybersecurity over the last few years.

That's a risk compounded by internal threats, too. Without an investment in staff training and proper education on the threats of cybersecurity, schools around the country remain at threat because of their own employees, considering the vast majority of cybersecurity threats are caused by human error — phishing schemes, insecure passwords, data breaches, and clicking on suspicious links are just some of the traps staff and faculty fall into.

Surprisingly, only a third of districts responding to the State of EdTech District Leadership survey reported their schools required training requirements for any staff members, which could expose students, families, teachers, and donors alike.

frustrated computer user

What can schools do to stay safe from cyberattacks?

Unfortunately, hope is not a plan. K-12 leaders, school administrators, and IT professionals alike should move cybersecurity into the foreground and plan to prevent, prepare, and respond to an attack. 

Safety begins with choosing to partner with a website provider for secure and reliable hosting and award-winning support around the clock. Schools should also start to create an action plan that promotes awareness before an attack is made and mitigate their risk. In addition, schools should consider efforts to:

  • Create faculty and staff school cybersecurity training
  • Promote cybersecurity awareness and the potential threats 
  • Control access to student information systems, data platforms, and content management systems to regulate which users can see or manipulate data
  • Stay current with software and app updates
  • Create, review, or update a cybersecurity policy
  • Increase funding for IT personnel, hosting, and infrastructure

Key Takeaway

While the threat of cyberattacks is real, there are some important steps for schools to take that can help mitigate risks. Invest in qualified IT professionals, create a cybersecurity team and choose a trusted web provider for secure and reliable hosting to keep school data safe. With the rise of ransomware, empowering faculty and staff to be educated about the threats of ransomware, phishing attacks, and data security will help keep your school’s information safe and secure.

Meet With a Website Expert | Finalsite

Connor Gleason Headshot


Connor has spent the last decade within the field of marketing and communications, working with independent schools and colleges throughout New England. As Finalsite’s Senior Content Marketing Manager, Connor plans and executes marketing strategies and digital content across the web. A former photojournalist, he has a passion for digital media, storytelling, coffee, and creating content that connects.

Explore More Recent Blogs

Subscribe to the Finalsite Blog

Love what you're reading? Join the 10k school marketers who get the newest best practices delivered to their inbox each week.

Request a FREE
website report card

Want feedback on your school or district's site? Get a free website report card, generated by an in-house website expert, sent right to your inbox.