Cybersecurity Incidents Strike Often
A recent report highlighted on EdSurge says a new cybersecurity incident strikes K-12 schools nearly every three days. Now more than ever, school districts rely on computers and servers to store student and employee data, and the burden of securing that data is a massive undertaking for educators.
For most districts, the challenge of protecting data is a chief responsibility of the director of technology. The person charged with guarding that data has to plan for attacks in several forms, which include, but are not limited to:
* Denial of Service Attacks
* Phishing Scams
* Ransomware
How to "mitigate" the problem?
"The key is not complete containment. That is not possible," says SchoolStatus CEO Russ Davis. "The gold standard is mitigation."
Davis has been working with school districts for over a decade, and he says there are steps districts can take to reduce risk to a reasonable level. Davis believes that districts need to have policies and plans in place to prevent extreme damage from a cyberattack.
"What happens when there is a breach? What do we do?" Davis says these are the types of conversations districts should be having.
Don't store students' social security information
Dane Conrad, who is the technical on-boarding specialist at SchoolStatus, spent the past few decades serving as the Director of Technology for large school districts. Conrad says they quit storing students' social security numbers in their SIS (Student Information Systems).
Conrad says criminals would love to have students' social security numbers because those socials often go unchecked for foul play.
"If somebody steals my identity and they use my social security number, typically I'll fumble upon it. So I'll see information being accessed on my credit card or my debit card," says Conrad. "But for a student, they are not necessarily in that environment."
Conrad says criminals could use that number for years before anyone realizes the damage.
Superintendents should ask their director of technology whether student socials are stored anywhere on their servers. If so, find out why. Is it a necessity?
Educate about Phishing
One of the most common ways districts are compromised comes from phishing attempts. This is typically when a fraudulent email tricks employees into handing over sensitive information. Often employees may be tricked into handing over their login credentials.
Conrad says it's critical for districts to educate their staff about what a phishing attempt may look like.
He also recommends using a resource like knowbe4.com. He says they offer literature you can share with employees and they'll even run phishing attempts to test the system and see where you may have vulnerabilities.
How to combat Denial of Service Attacks
A Denial of Service attack, known in its distributed form as DDoS, occurs when multiple systems flood bandwidth or web servers. As a result, your school's network could be temporarily shut down.
Davis says having a quality ISP (Internet Service Provider) can help prevent this. He says that good ISPs offer intrusion prevention and detection systems. He also suggests that districts should tighten up their firewall.