We like to think that even criminals would have some qualms about attacking certain targets, especially ones that impact children, the sick or the disadvantaged. But this honor among thieves that we imagine doesn't exist. Cybercriminals show us every day that they don't discriminate between for-profit or not-for-profit. And a recent study showed that schools are ill-prepared for the risks they face. They ranked 17 out of 17 among the most-prepared industries.

Adam Mahoney, an education technology consulting with Network Outsource on Long Island shares insights into cybersecurity threats facing our schools may surprise you.

1. DDOS

DDOS or distributed denial-of-service (DDoS) attacks use the threat of a canceled service to trick recipients into giving away their passwords or even wiring money. They often involve a compelling email that may appear to be from a utility company, Microsoft, Google or another known entity. They threaten to cancel service if the person doesn't take immediate action. They count on fear rising in the person influencing them to overlook red flags and give away their login information.

Once the attacker has a password, they can use it to access student records, lockdown data or even steal faculty or student identities.

2. Data Breach

Hackers can use the DDOS scam or similar tricks to access your databases and steal information that they can use for financial gain. Schools must have systems in place to reduce the risk and damage of these attacks.

3. Ransomware

Criminals can trick employees into downloading malicious software onto their work computers or network. Once there, this software encrypts information that your employees need to do their jobs. Depending on your set-up, this could impact one employee or your whole school.

The hacker then demands money, often cryptocurrency, in exchange for unlocking your systems. If you don't pay, you could end up spending millions to decode the encryption without the hacker's help.

4. Phishing

Phishing uses the law of numbers against you. When they choose to attack a particular organization that they think is vulnerable, they send thousands of emails in a 'phishing campaign". They know that someone will fall for it. Phishing scams use deceptive tactics to convince people to comply.

5. Social Engineering

Social engineering tells us to be helpful and do what people in authority tell us to do, sometimes without question.

For example, a scammer might pretend to be the superintendent who emails the school bookkeeper late at night because they couldn't get in touch with the principal. The fake superintendent needs a favor. They tell the bookkeeper to send the football team's fundraising money to a different bank account. The bookkeeper, who doesn't know the superintendent very well, complies because they don't want to be insubordinate.

How to Protect Against School Cybersecurity Threats

Each of these can happen and do happen from universities down to pre-schools. And few schools are prepared.

No one thinks they will fall for this. But the tactics are constantly changing and very convincing. You must take steps to protect yourself.

1. Educate staff and older students about these threats

2. Invest in a good spam filter

3. Make sure your firewall and malware are up-to-date

4. Create a strong password policy

5. Explore technology options that reduce the risk of entire servers getting infected

6. Monitor for unusual access

7. Limit access on a need to know basis using tiered security

8. Backup important data using a secure cloud backup so no one can hold your student's records for ransom