The Harvard EdCast Cybersecurity: The Greatest Threat Schools Aren’t Ready For
In today’s digital landscape, schools face growing cybersecurity threats that can disrupt learning, compromise sensitive data, and leave administrators scrambling to recover. With cybercriminals becoming more sophisticated, understanding these risks and being prepared is more critical than ever, says Lisa Plaggemier, the executive director of the National Cybersecurity Alliance.
“The vast majority of bad things that happen at institutions like schools and municipalities-- again, under-resourced organizations or organizations that have some technical debt. They haven't kept up with the latest and the greatest when it comes to technology. It's really, really, really basic things that get exploited by people that are up to no good,” she says.
The Center for Internet Security recently released a report revealing that 82 percent of schools suffered from a cyber incident over an 18-month period. From ransomware attacks to AI-powered phishing scams, cybercriminals are finding new ways to exploit vulnerabilities—especially in under-resourced institutions like schools and municipalities. Plaggemier shares practical steps schools can take to protect themselves, from implementing multi-factor authentication to training staff on phishing awareness. She says the biggest mistake is not being prepared for a cyberthreats.
“[This] is not something that's fun to go through, to have to answer to the press, to have to handle the crisis communications, the questions you get from parents. It then becomes such a drain on all those other things… that are a higher priority, that you realize that you've risked all those good and noble things because of a lack of preparedness,” Plaggemier says. “It's not if, it's when. So, it's all about being prepared. It's about resilience. It's about business continuity, being able to still teach school if everything's offline, and then being able to recover from the attack and go back to business as usual.”
In this episode, we discuss why educational institutions are frequent targets, the role of human error in cyberattacks, and the importance of proactive security measures.