Cyberattackers have been increasingly taking aim at the educational sector. So much so that this past September, the Federal Bureau of Investigation (FBI) issued a warning concerning the widespread theft and misuse of student data. “Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft or other means for targeting children,” notes the FBI memo.

In fact, as of this writing, 418 K-12 cyber incidents have occurred in the past three years, according to the K-12 Cybersecurity Resource Center. A map published by the Center  pinpoints where schools have been attacked by various cyber incidents. Yellow pins signify ransomware attacks that occurred in 2017—the most formidable collection can be seen in Texas. Blue pins represent phishing attacks, which can be seen scattered throughout the United States.

In the UK, phishing and malware attacks constitute the most common means of filching data from educational systems, according to The Telegraph.

In phishing attacks, cyber threat actors send out emails that supposedly come from deans, principals or other administrators, asking for contributions, donations, or password resets that ultimately compromise personal or financial information on a large scale. The ‘phishers’ have gone so far as to target bursars’ offices and financial aid offices, leading to what many call ‘whaling’.

After extracting sensitive data from school databases, hackers have contacted children, and made threats of extortion, physical violence, and exposure of personal data.

In an effort to push for more stringent cyber education and protection, The National Integrated Cyber Security Research Center (NICERC) has created a curricula for interested K-12 teachers. While some schools are already moving toward investing in modern cyber security protections, more can be done to harden security and prevent attacks.

To learn more about how public K-12 school leaders and policymakers in the US can tackle cybersecurity-related issues, check out the K-12 Cybersecurity Resource Center’s curated list of informational materials.