On Board Online • November 24, 2025
By Eric D. Randall
Editor-in-Chief
The State Education Department (SED) has noticed "a concerning rise in cyber-attacks aimed at school districts," according to information sent to school superintendents on Nov. 4.
In October, cybercriminals stole roughly $1 million from the capital construction fund of the Voorheesville Central School District in Albany County. State Police have recovered $750,000, and the district's insurance company will cover the remaining $250,000 if police do not recover it, Superintendent Frank Macri said.
According to the district's website, staff are "conducting a thorough review of its internal procedures and protocols to further strengthen safeguards against the increasingly sophisticated threats posed by cybercrime."
Some cyberattacks have targeted students with fake job offers, according to Marlowe Cochran, SED's Chief Information Security Officer. "After collecting student data, attackers send fraudulent employment opportunities designed to exploit personal information," Cochran said.
In many cases, cybercrimes begin with phishing attacks - deceptive emails that ask a person to take an action such as providing personal data via a fake login or clicking a link that downloads malware.
Cyber crooks may create look-alike domains, such as legitimateccompany.com, which is hard to distinguish from legitimatecompany.com. Personnel should be particularly wary of sharing bank account numbers and routing details, Cochran said.
Staff should double-check that they are being contacted by an actual vendor and follow an approval process that involves multiple personnel, according to Cochran.
Free training on phishing is available from the Cyber Incident Response Team (CIRT) at the Division of Homeland Security at CIRT@dhses.ny.gov.
Article 19-c of the General Municipal Law requires school districts and other governmental entities to report any cybersecurity incident or ransom demand to the state Division of Homeland Security and Emergency Services within 72 hours. SED also wants to be informed.
School information security officers have formed a group called the K12 Security Information eXchange to help school personnel anticipate cyber threats and help with crisis management. It provides free resources at www.k12six.org/essentials-series .
About 12% of businesses that had cyber insurance made claims in the past year, according to a 2025 report by Artic Wolf, maker of a cloud-based threat detection system used by 10,000 customers in 30 countries. Claims have involved data breaches, ransom demands, theft of funds and phishing incidents.
Premiums for cyber insurance are expected to rise 15% in 2026, according to a Nov. 5 report on insurancejournal.com. One reason: artificial intelligence. AI has become "a weapon for bad actors," according to Rohit Makhijani, a principal analyst at Forrester Research.
Also, a company or organization that uses AI "increases threat surface area," according to Insurance Journal. "If you've got a bigger house, you're going to need more insurance," Makhijani told the publication.
"We encourage school districts to have cyber insurance and be sure they are being insured at an adequate level," said NYSSBA Executive Director Robert Schneider, a CPA and licensed insurance broker.