Strengthen defenses

This unit focuses on actionable steps you can take to strengthen the security of your classroom's devices and technology systems. In the rapidly evolving digital landscape, you must establish robust cybersecurity measures to fortify your classroom against the ever-present and evolving threats of malware and ransomware. Education represents over 79% of total reported malware encounters across all industries. Microsoft Security Intelligence reported blocking more than 6.7 million malware encounters on education devices in August 2023.

Know the threat: Malware

Malware is unwanted, malicious software installed on your classroom devices without your knowledge. It's a type of program that creates an open door that lets cyber criminals steal sensitive information, send you to inappropriate ads or websites, lock your devices, or make your devices more vulnerable to additional malware.

Malware is packaged and delivered in various ways, including:

  • Attachments in phishing messages
  • Links to malicious websites
  • Links on spoofed webpages
  • Downloads
  • QR codes
  • Ad banners on websites and notifications

Detecting and preventing malware can be challenging. Malware might be on your computer without you ever realizing it's there, or it can slow your computer to a crawl, take you to websites that you didn't choose, and present pop-ups while you browse. Malware can also lock down your computer completely.

The best way to prevent malware is to be observant, avoid suspicious exploits, and use trusted security tools. Review the chart for best practices to prevent malware from infecting your computer.

| Do | Don't |
|---|---|
| Download software from trusted websites. | Download files from unknown banners and ads. |
| Delete suspicious files flagged by your computer. | Open files on your computer flagged as suspicious or dangerous. |
| Stop using any passwords on a device with possible malware. | Enter your password on a device with a suspected malware infection. |
| Work offline or shut down your device if you suspect a malware infection. | Ignore malware warning signs, such as frequent crashes or slow performance. |
| Update and restart your device according to your school's policies. | Ignore update notifications that follow your school's policies. |
| Use OneDrive to safely share files. | Download or forward messages with suspicious attachments. |
| Follow your school's guidelines for updating devices. | Fall for update scams that look legitimate. |

Keep devices up to date

To combat ongoing malware threats, keep your devices up to date. Regular software and firmware updates not only enhance performance but also provide essential security patches to safeguard your devices and data from potential cyberattacks.

Know the threat: Ransomware

Ransomware attacks deliberately encrypt or erase data and systems to force your school or district to pay a ransom. The financial and reputational consequences of ransomware incidents, which cause initial disruption and sometimes prolonged recovery, underline the importance of taking proactive steps such as implementing comprehensive backups.

Ransomware, in a classroom context, can be best understood as a digital threat that disrupts the flow of teaching and learning. In some cases, this might mean that all of your educational materials, lesson plans, and students' work suddenly become locked away in a virtual vault. In a ransomware attack, the perpetrators demand a ransom to provide the key to unlock these vital resources.

Did you know?

  • Sophos reported that the education sector, including schools and vendors, receives the most ransomware attacks across all industries. While rates of ransomware attacks remained flat for other industries, education was one where targeting attempts increased.
  • A successful ransomware exploit can force schools to close for days and may cost hundreds of thousands if not millions of dollars in recovery costs. Since cyber criminals usually lock computers and encrypt essential data, victims are unable to use their devices, access files, or communicate in many situations.
  • Your school IT department backs up critical information and data. Often this doesn’t include educator-created files like lesson plans, presentations, or student work. Knowing how to back up your important files and messages ensures you don’t lose critical information when devices and services return.

Ransomware often arrives through a phishing message or a link that appears legitimate and important, a clever way to trick you into installing malware. Your role as an educator is to be vigilant, be cautious, and be aware of social engineering tricks that might lead to a ransomware attack. Review the chart for scenarios that mitigate or promote risk.

| Mitigates risk | Promotes risk |
|---|---|
| A teacher regularly backs up all important files, both locally and in the cloud. | A teacher opens emails from unknown or suspicious sources. |
| A teacher sets the computer to automatically install operating system updates. | A teacher selects unknown links in emails or on websites. |
| A teacher regularly monitors network traffic for unusual or suspicious activities. | A teacher disables security software to speed up computer performance. |
| A teacher implements email filtering to block malicious attachments and links. | A teacher ignores software updates until there's a school vacation. |
| | A teacher works outside of class time on public Wi-Fi networks. |

Create backups

Performing regular backups is a crucial cybersecurity practice in K-12 schools, as it creates copies of important data and stores them separately from the primary systems. This ensures the preservation and availability of critical data during a security breach or system failure. By having up-to-date backups, you help your school restore its systems and recover lost data after a ransomware attack.

A comprehensive backup strategy includes:

  • Regularly scheduled backups
  • Periodic testing of backup integrity
  • Secure offsite storage
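
One way to carry out the "periodic testing of backup integrity" item, shown as an added example that is not part of the original unit: record a SHA-256 manifest when the backup is taken, keep it apart from the backup, and later re-hash the backup to find missing, changed, or unexpected files. The function names, folder names, and sample files are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the backup's current contents with the manifest taken earlier."""
    current = build_manifest(root)
    shared = manifest.keys() & current.keys()
    return {
        "missing": sorted(manifest.keys() - current.keys()),     # lost since backup
        "changed": sorted(n for n in shared if manifest[n] != current[n]),
        "unexpected": sorted(current.keys() - manifest.keys()),  # not in the backup set
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: take a backup, damage it, then run the integrity test."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "lessons").mkdir(parents=True)
        (backup / "lessons" / "week1.txt").write_text("Fractions lesson plan")
        (backup / "grades.csv").write_text("student,score\nA,90\n")
        # Store the manifest as JSON, separately from the backup itself.
        saved = json.dumps(build_manifest(backup))
        # Simulate damage: one file altered, one deleted, one stray file added.
        (backup / "grades.csv").write_text("corrupted")
        (backup / "lessons" / "week1.txt").unlink()
        (backup / "stray.txt").write_text("not part of the backup")
        return verify_backup(backup, json.loads(saved))


if __name__ == "__main__":
    print(demo())
```

An empty result in all three lists means the backup still matches what was recorded; anything else is a reason to contact your IT team before relying on that copy.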

Next steps

  1. Review your device update settings: If your classroom devices are running Windows, you have the choice of when and how to get the latest updates to keep them running smoothly and securely. Learn how to manage updates on Windows devices and/or turn on automatic Windows app updates. For more information specific to your school devices, check in with your IT team.
  2. Perform regular backups: Microsoft automates the backup process, helping you minimize disruptions, quickly restore important files, and maintain a secure and uninterrupted learning environment. Discover how to back up your local folders with OneDrive or archive important email messages to a secure backup file with Outlook.
  3. Learn your school’s response plan: Your school likely collaborated with stakeholder groups to create, maintain, and exercise a basic cyber incident response plan (IRP) that includes clear procedures to follow during a cyberattack. But do you know what to do if an incident occurs? Identify your areas of growth based on this list of key IRP components, then consider where you find the answers:
    • Plan overview: I know where to locate and read through my school's cybersecurity incident response plan (IRP).
    • Incident types: I know the different types of cybersecurity incidents that the plan covers, such as data breaches, malware infections, phishing attacks, and denial of service (DoS) attacks.
    • Reporting procedures: I know how to report a suspected or confirmed cybersecurity incident, including whom to contact and what information to provide.
    • Incident classification: I understand how incidents are classified based on severity and impact, as this determines the response strategy.
    • Roles and responsibilities: I'm familiar with my role and responsibilities during a cybersecurity incident, including any specific tasks or actions I need to take according to my school's IRP.
    • Communication protocols: I know the communication channels and procedures I should follow for notifying relevant personnel, such as IT staff, administrators, and law enforcement, if necessary.
    • Chain of command: I know the chain of command for cybersecurity incidents and whom to contact at different stages of the response.
    • Incident escalation: I understand when an incident needs to be escalated to higher authorities or external agencies, and I know who to contact.
    • Incident recovery: I'm aware of the steps involved in recovering from a cybersecurity incident, including restoring systems and data.
    • Incident documentation: I understand how the school wants me to document cybersecurity incidents, including the timeline of events and actions taken.
    • Legal and regulatory requirements: I'm aware of the legal and regulatory obligations related to my role in incident reporting and response.
    • Policy updates: I know how to stay informed about updates and changes to the school's cybersecurity policies and incident response plan.
  4. Reflect on your current practices: Think about the precautions you currently take to maximize the security of your classroom devices. Reflect on which ideas from this unit you can begin implementing on a more regular basis.
    • What steps will you need to take?
    • When will you begin?
    • What resources do you need?
    • Who can help you get there?