FCC releases cybersecurity resource guide for budget-constrained schools

The attacks come with a hefty price tag for schools, as nearly half of K-12 providers globally that are hit with ransomware pay to have their data restored, according to a 2023 report by U.K.-based cybersecurity firm Sophos.

Over the course of five years, ransomware attacks against K-12 and higher education institutions breached over 6.7 million personal records worldwide and cost over $53 billion in downtime between 2018 and 2023, according to an analysis of 561 attacks by Comparitech.

The federal government has also stressed the importance of cybersecurity and its impact on K-12. 

According to a 2022 U.S. Government Accountability Office report, cyberattacks can lead to losses in learning ranging from three days to three weeks. Recovery time can take between two to nine months, and the financial hit can range from $50,000 to $1 million, per the report. 

“We recognize that schools and libraries often face budget and resource constraints, so these recommendations highlight free and low-cost options and focus on the most impactful initial steps,” the FCC and Education Department said in the guide released Wednesday. 

The guide includes recommendations such as focusing on: 

• Multi-factor authentication.
• Using strong passwords.
• Recognizing and reporting phishing.
• Updating software.

Last year, the White House held a K-12 cybersecurity summit where the FBI prompted school districts to “please call us immediately” if they fall victim to a cyberattack. 

“We can’t talk about potential collaboration at the local level, at the state level, if we’re not modeling it here at the federal level,” U.S. Education Secretary Miguel Cardona told summit attendees in August 2023.