Private companies and large government agencies aren’t the only organizations that need to prioritize cybersecurity. Kindergarten through 12th-grade schools are also targeted by cybercriminals with hacks, ransomware, phishing scams, data breaches and more.

According to the K-12 Security Information Exchange, last year set a record of cyber incidents in schools, with 408 disclosed incidents. These incidents resulted in school closures, the loss of millions of dollars in taxpayer funds and stolen data that was linked to identity theft and cyber fraud. So why are K-12 schools experiencing record cyber incidents? There are a few major reasons.

Why K-12 Schools are Experiencing Cyber-Attacks

1. K-12 Schools Have Cybersecurity Vulnerabilities

One problem is that K-12 schools have traditionally struggled to keep up with cybersecurity. The typical K-12 IT team is small. You might be looking at a team of a few people for an entire school district – and is juggling many competing priorities. School districts haven’t always prioritized strong cybersecurity. They may not have the personnel or skill sets needed to effectively protect their systems.

Many historical software purchasing decisions might have been made at a time when cybersecurity wasn’t the biggest priority with decisionmakers. And when systems aren’t consistently updated, vulnerabilities can arise.

2. The COVID-19 Pandemic Created New Problems and Exacerbated Old Ones

Much of the country’s school districts transitioned to fully-remote learning last year. This brought new challenges to the table. Schools had to rapidly transition to virtual classrooms, utilizing systems they may not have been very familiar with, such as videoconferencing technology.

Limited resources were further stretched, and mistakes and vulnerabilities were inevitable. Software wasn’t properly updated, systems without adequate security were implemented and staff members were overworked.

New types of cyber incidents emerged: class invasion, where bad actors interrupted classes during class meetings; meeting invasion, where bad actors interrupted PTA meetings, virtual graduations and staff meetings; and email invasion, where a closed email system, like faculty or class emails, were compromised to share malicious links or attachments.

3. Valuable Data Is Vulnerable

K-12 schools keep personal data about students, parents and staff members. This is an attractive target for criminals. Schools are increasingly adopting technology that is new to them, such as online payment portals to collect fees for school lunches and field trips. And they collect sensitive data on their students including Social Security numbers, birth dates, phone numbers, addresses and other information that can be used to commit identity theft.

4. Keep Your Child’s Personal Information Safe

It’s important to protect yourself and your children from identity theft. Criminals can use your child’s stolen personal data to open new credit cards and accounts, make fraudulent purchases, receive medical care and more. Because your child doesn’t apply for credit, this activity could go undiscovered for years. Check out our guide on keeping your children’s information safe.