Cyber Actors Target K-12 Distance Learning

Posted on December 15, 2020January 6, 2022

AAFCPAs would like to make education clients aware that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have assessed that malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber bad-actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year and beyond.

The disruption attempts include ransomware, malware, distributed denial-of-service attacks, video conference disruptions, social engineering, technology vulnerabilities and student data, open/exposed ports, and end-of-life software to name a few.

These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance the risks when determining their cybersecurity investments.

To report suspicious or criminal activity, contact your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting organization; and a designated point of contact.

To request incident response resources or technical assistance related to these threats, contact CISA at Central@nullcisa.gov.

Cyber threats are continuously evolving, with new structures and schemes emerging daily. AAFCPAs’ Business & IT Consulting practice advises clients on improving their IT security posture with recommendations that are right-sized and tailored to be appropriate given each client’s resources and specific IT infrastructure requirements.

If you have any questions, please contact James Jumes, MBA, M.Ed. at 774.512.4062, jjumes@nullaafcpa.com; Vassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes, MBA, M.Ed.

James joined AAFCPAs in 2013 to lead the firm’s Business Process & IT Consulting practice. He leads a team of senior technologist in the delivery of solutions related to business intelligence & productivity, information risk management and cybersecurity, and special IT attestations, compliance, and certifications. His goal is to strengthen the links between people, process, and technology, which increases productivity and drives business growth. James has more than 30 years of experience working with information technology …

Vassilis Kontoglis

Vassilis has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional …

Related Insights

Shift in EEC Funding Model Requires Business Process Assessment

Effective October 1, 2024, the Massachusetts Department of Early Education and Care (EEC) shifted its contract reimbursement from a primarily unit-rate model to a mix of unit-rate and cost-reimbursable contracts. Under the new contracts, childcare seats will be reimbursed on a unit-rate basis while administrative and supportive services will be funded through cost reimbursement contracts. […]

Cost Center Coding Strategies for Effective Grant Reporting

For complex human and social services providers, managing grants and ensuring compliance can often feel like navigating a labyrinth. One effective strategy to simplify this process is through cost center coding. AAFCPAs provides the following detailed guidance on how to leverage cost center coding to streamline grant reporting and maintain compliance. Design Your Cost Centers […]

October is Cybersecurity Awareness Month. Are You Prepared?

Cybersecurity Awareness Month is observed in October in the United States to raise awareness about the importance of protecting digital systems and data from cyber threats. As of the third quarter of 2024, there were over 2,000 reported data breaches affecting an estimated 1.3 billion individuals globally with major breaches affecting companies like UnitedHealth, Snowflake, […]