Online learning security attacks have increased steadily throughout the pandemic.  Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations.

The Wall Street Journal has documented nearly three dozen ransomware attacks against school districts since the pandemic began in March. In July alone, school districts in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut, and New York fell victim to cyberattacks.

According to Microsoft’s Global Threat Activity tracker, 61% (nearly 4.8 million) of malware encounters reported within the past 30 days also took aim at the education sector, making it the most affected industry. The business and professional services sector came in second, with just under 1 million incidents.

Earlier this year, the Federal Bureau of Investigation issued a security alert about the threat of ransomware to schools. Many public institutions, including hospitals, local governments, and colleges, have been hit with ransomware attacks this year, but school districts make for an especially tempting target due to their often thinly staffed technology departments and networks full of personal data.

“Cybercriminals are preparing to attack with malware, ransomware, phishing schemes, and denial-of-service attacks,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams. “The more devices connected to an educational institution’s network, the more data is generated, and, therefore, the more tempting the attack. This may lead to devices being infected, putting networks and students’ personal data at risk of exposure.”

The consequences of successful attacks can be devastating. In September, hackers published students’ grades, employees’ Social Security numbers, and other sensitive data from the 320,000-student Clark County School District in Las Vegas when a ransom wasn’t paid. A DDoS attack in Ohio’s Toledo Public Schools in October resulted in the exposure of students’ and employees’ Social Security numbers, data about students’ disability, employee evaluations, and exam grades.

The public school system in Yazoo County, Mississippi, has also revealed that it paid a company $300,000 to help recover data that had been encrypted and stolen in a ransomware incident.

“ These attacks can become incredibly costly. It’s paramount to prioritize investments in appropriate device protection solutions prior to the incident occurring. It’s also important to collaborate with students and their parents to raise awareness about basic endpoint security and cybersecurity hygiene. The latter is especially important because home networks tend to be less secure and less frequently maintained than the ones at school,” Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

Schools and students also face potential risks from third-party edtech firms that fail to appropriately secure data on their platforms. According to the NordVPN Teams CTO, “Systems have to be set up with adequate authentication and controls. Otherwise, they’ll just become additional attack vectors. Without proper implementation, tools for accessing school networks remotely — even VPNs, password managers, and remote desktop protocols — can all be hacked to gain unauthorized access and steal sensitive data.”