Cyber attacks impact school boards – students, teachers and administrators alike – at an exponential rate. Schools appear to be a treasure trove of sensitive personal information, the ideal target for a ransomware attack.

In fact, Canada’s Internet Registration Authority reported that Canadian school boards experienced, on average, 50 attempted attacks per week during a 3-week testing period.

Students, Teachers and Administrators Present Threats

As the focus on digital literacy grows, entire school districts are adopting a ‘bring your own device’ policy. From smartphones to computers to watches, personal devices are used to access educational material and grading systems. These devices present a risk when using school networks because of their diverse nature and a lack of enforcement of security patching.

COVID Plays a Role in School Board Cyber Attacks

In March 2020, the pandemic prompted countless school boards to move their classes online. With no advanced warning, school system administrators saw thousands of personal devices remotely using their school board’s network resources. The lack of private, secure home networks meant students, teachers and administrators were accessing school networks from unsecured locations … making them vulnerable to attack.

Cybersecurity Budgets For School Boards Must Increase

Security Magazine reports that K-12 cybersecurity spending reached over $230 million in 2019, but this investment hardly covers the required cybersecurity protection. Especially in the face of a distance learning driven system, the limited budget makes schools and school boards vulnerable to cyber attacks.

User Cyber Awareness Education is the Key to Prevention

Students are motivated by interesting content and aren’t always paying attention to the source. They simply may not have the capacity to understand the risk of opening an email, clicking on a link, or using a Google classroom. Frankly, that’s a lot to ask of a young student learning at home.

School boards cybersecurity

Teachers and administrators, however, fall prey to the same patterns – perhaps with a different cause. They may be distracted by the new online learning format, or may not have the knowledge to understand the risks of working online. These are, after all, professionals accustomed to in-classroom roles.

Cyber attackers understand the opportunities created by students who now spend their days online and the pressure facing teachers working in a new environment. These attackers know that people who are rushing, disinterested, or under pressure are more likely to respond to an urgent-sounding message or helpful looking link.

That’s why teacher and administrator education about cyber risk is key: once these individuals understand the importance of reviewing prompts and using a careful approach to email attachments and links, they can play a significant role in reducing the number of attacks that infect their school networks.

Case Studies: School Boards Impacted by Cyber Attacks

Case Study: Waterloo Catholic District School Board

In November 2019, the Waterloo Catholic District School Board faced a “significant” malware attack. While the school board did not lose any student, staff or administrative data, the board temporarily lost all access to their network, including emails. It took 5 days for the IT team to fully roll out their disaster recovery plan, in which time the board had limited access to network resources.

This was truly a best-case scenario in an era rife with cyber attacks on schools.

Case Study: Peel District School Board

In early January 2021, the Peel District School Board experienced “technical difficulties” that enabled a person unrelated to the school board or its schools to gain access to a Google Classroom. After disrupting the class, the teacher terminated the session and alerted her school board.

As distance learning continues in order to curb the effects of COVID, cybersecurity that ensures only registered users may access SaaS applications is critical.

Case Study: The Sheldon Independent School District

In March 2020, The Sheldon Independent School District faced the fallout of a ransomware attack. Thought to have spun out from an email, the attack immobilized the school board’s network and hijacked critical data about students and teachers. After negotiating and paying a ransom, the school board lost approximately 10% of its files. Fearing the attackers would leverage the data, despite having paid the ransom, the school board advised parents to revisit their children’s data security – especially unique identifying information like a social security number.

As the prospect of cyber attacks grows more lucrative, attackers are expected to look for multi-vector opportunities that provide access to a wide range of corporate and individual user data. Analysts expect attackers to demand ransom from both the corporate entity who was the source of the compromise (in this case, the school board) and the individuals whose data was compromised.

Case Study: Baltimore County Public Schools

In November 2020, Baltimore County Public Schools fell prey to a ransomware attack, locking personnel and students out of computers, emails, website and grading systems. With classes taking place online during the pandemic, the attack effectively forced all schools in the board to close.

After responding to the attack, an audit of school board-wide cybersecurity resources indicated the attack revealed poor protection of personal data, lax password management, and an absence of disaster recovery plans.

Types of Attacks Impacting School Boards

cybersecurity risk bring your own deviceSchools and school boards are frequently hit by ransomware and phishing attacks. Here’s a shortlist of attacks your administrators and teachers should be on the lookout for.


A phishing attack distributes a malicious request via an email. Once opened, the email coerces students, teachers or administrators to disclose important personal data.

Spear Phishing

Spear phishing attacks are highly targeted campaigns that coerce students, teachers and administrators to transfer important data to a cyber attacker. The attacker is often impersonating a trusted person or company.  In the case of finphishing, victims are coerced into making e-transfers or providing gift cards. This is a more common attack amongst administrators, who may think they’re fulfilling part of their job responsibilities.


Malware is any variety of attack that disguises an email, link or file as a legitimate resource. Once opened or clicked, malicious software spreads onto the device, and later onto an entire network. The intention of this attack is to steal something from a network.


Ransomware is a type of malware. These attacks trick users into opening a malicious link or file, which then spreads malware across a network – with the intent to hijack critical data. The attacker then holds the data hostage until a ransom is paid. Schools and school boards should not only be concerned about getting their data back, but also about potential fines and lawsuits associated with breaches.

Role of Endpoint Detection in Protection School Boards

Managing cyber risk across a school board requires attention, knowledge and visibility.

Steps to prepare for a cyber attack include:

  • Taking stock: Understand the types of devices on your network. Understand the types of applications, including installed software and SaaS (eg. Google classroom).
  • Planning for disaster: Implement a risk management plan and disaster recovery plan
  • Budgeting: Assess the solutions that fulfil the requirements established in the risk management plan. Establish a budget.
  • Deploy a cybersecurity solution

In addition to educating teachers and administrators, school boards must invest in thorough cybersecurity solutions. Most school boards, however, do not have the budget for a dedicated security operations center.

One solution is managed detection and response services . These services provide round-the-clock network surveillance and hands-on analysis of suspicious activity. If your school or school board requires support in understanding your requirements, CYDEF can help. Our Professional Services team can help to prepare and plan for an attack.