Skip to content
Contact us

Protecting Your School from Cyber Threats

By  Utica National Risk Management Team  ·    |   2 minute read

Schools continue to be targeted by malicious cyber actors, creating potential risks to students, staff, and school operations.


What’s at Risk?

Schools maintain large volumes of sensitive personal and financial information related to students, employees, and operations. This concentration of valuable data, combined in some cases with limited cybersecurity resources, makes schools attractive targets for cyberattacks. A successful attack could disrupt school operations, compromise sensitive information, damage the school’s reputation, and result in significant financial and legal consequences.

What Are the Most Common Cyber Threats?

Schools are frequently targeted by cyber threats such as phishing emails, ransomware attacks, and unauthorized system access. These attacks are often designed to deceive employees into sharing login credentials or clicking malicious links. Threat actors often rely on urgency (“act now”), authority (“from your principal/superintendent”), or emotional prompts (“verification needed”) to pressure staff into bypassing established procedures. These attacks often exploit human error by using deceptive emails, fake login pages, or urgent requests that appear to come from trusted sources. Understanding these common threats is a critical first step in reducing cyber risk and strengthening overall security.

How Can Schools Reduce Cyber Risk?

Strong cybersecurity starts with policies, staff training, and consistent practices. Schools can reduce cyber risk by educating employees to recognize phishing and social engineering attempts, enforcing strong passwords and multi‑factor authentication (MFA) where available, keeping systems and software up to date, limiting access to sensitive data based on job responsibilities, and regularly backing up critical systems.

What Should You Do If Your School is Targeted?

If your school suspects a cyberattack or unusual system activity, it is important to act quickly. Staff should avoid interacting with suspicious emails, links, or attachments and immediately report concerns through the school’s established IT or incident reporting process. Having a formal incident response plan in place, and ensuring staff understand how to report concerns, can significantly reduce disruption and potential losses. Schools should promptly execute recovery and restoration plans for critical systems impacted by a cybersecurity incident. Following recovery, a post‑incident review should be conducted to identify opportunities for improvement, refine the incident response plan, strengthen detection and response capabilities, update policies, procedures, and training, and ensure staff are informed of any changes.

Where Can Schools Find Support and Resources?

While many schools face resource constraints, meaningful risk reduction is still achievable by leveraging no‑ or low‑cost services. These resources are designed to help schools proactively address evolving threats by strengthening preparedness, improving response capabilities, and reinforcing overall safety and security practices.

Cybersecurity Resources:

State and Local Cyber Security Grants

  • Funding opportunities may be available to support cybersecurity improvements and training initiatives

Cybersecurity & Infrastructure Security Agency

 eRiskHub – Cyber Risk Management Portal 

  •  One hour of consultation with one of Hartford Steam Boiler’s (HSBs) preferred law firms – at no additional cost 
  • One hour of consulting services from a cyber security vendor – at no additional cost
  • Cyber risk tools, incident response roadmaps, and training resources

 Zywave Learning 

  • Online Training Courses
  • Sample Policies and Templates
  • Cybersecurity Checklist and Scorecards
  • Incident and Response Scenarios
  • News Articles

If you have questions about any of the safety reminders or resources provided in this Risk Management Alert, please contact Educational Institutions Segment Specialist John Acee at john.acee@uticanational.com.

 

Portions of this risk management alert were provided by Cybersecurity & Infrastructure Security Agency: Online Toolkit: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats; Cybersecurity & Infrastructure Security Agency: Cybersecurity for K-12 Education; and Zywave: Cybersecurity Planning Guide.

 
TAGS: , TAGS: