Cybersecurity Incidents Strike Often
If the Colonial Pipeline ransomware attack had a silver lining, it was that it brought worldwide awareness to the fact that ransomware attacks are a costly epidemic. For years, school districts have been a target of such attacks, creating costly headaches for those trying to educate our children.
A report highlighted on EdSurge says a new cybersecurity incident strikes K-12 schools nearly every three days.
For most districts, the challenge of protecting data is a chief responsibility of the director of technology. The person charged with guarding that data has to prepare for attacks in several forms, which include but are not limited to:
- Denial of Service Attacks
- Phishing Scams
How to “mitigate” the problem?
“The key is not complete containment. That is not possible,” says SchoolStatus CEO Russ Davis. “The gold standard is mitigation.”
Davis has been working with school districts for over a decade and he says there are steps districts can take to reduce risk to a reasonable amount. Davis believes that districts need to have policies and plans in place to prevent extreme damage from cyberattacks.
“What happens when there is a breach? What do we do?” Davis says these are the types of conversations districts should be having.
Don’t store students’ social security information
Dane Conrad, who is the technical onboarding specialist at SchoolStatus, spent the past few decades serving as the Director of Technology for large school districts. Conrad says they quit storing students’ social security numbers in their SIS (Student Information Systems).
Conrad says criminals would love to have students’ social security numbers because those socials often go unchecked for foul play.
“If somebody steals my identity and they use my social security number, typically I’ll fumble upon it. So I’ll see information being accessed on my credit card or my debit card,” says Conrad. “But for a student, they are not necessarily in that environment.”
Conrad says criminals could use that number for years before anyone realizes the damage.
Superintendents should ask their director of technology if they’re storing student socials anywhere on their servers. If so, find out why. Is it a necessity?
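One way a technology director could start answering that question is to scan data exports for values shaped like social security numbers. The sketch below is an added example, not something from the interview or from SchoolStatus; the column names and sample rows are constructed, and the function names are hypothetical.

```python
import csv
import io
import re
from collections import Counter

# SSN shape AAA-GG-SSSS, with dashes, spaces, or no separators at all.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def find_ssn_columns(csv_text):
    """Return {column: count of SSN-like values}; the values are never copied out."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for column, value in row.items():
            if not isinstance(value, str):
                continue  # short or ragged rows
            for match in SSN_RE.finditer(value):
                if plausible_ssn(*match.groups()):
                    hits[column] += 1
    return dict(hits)

# Constructed sample export (not real student data).
SAMPLE_EXPORT = """student_id,name,guardian_phone,ssn,notes
1001,Sample Student A,601-555-0142,123-45-6789,
1002,Sample Student B,601-555-0199,,SSN on file 234 56 7890
1003,Sample Student C,601-555-0107,000-12-3456,placeholder value
1004,Sample Student D,601-555-0163,234567890,
"""

if __name__ == "__main__":
    for column, count in find_ssn_columns(SAMPLE_EXPORT).items():
        print(f"{column}: {count} SSN-like value(s)")
```

Any nine-digit ID will also match, so treat hits as leads to review by hand. Free-text fields such as notes deserve the same attention as a column named ssn.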
Educate about Phishing
One of the most common ways districts are compromised comes from phishing attempts. This is typically when a fraudulent email tricks employees into handing over sensitive information. Often employees may be tricked into handing over their login credentials.
Conrad says it’s critical for districts to educate their staff about what a phishing attempt may look like.
He also recommends using a resource like knowbe4.com. He says they offer literature you can share with employees and they’ll even run phishing attempts to test the system and see where you may have vulnerabilities.
How to combat Denial Of Service Attacks
A Denial of Service attack, known in its distributed form as DDoS, occurs when multiple systems flood a target’s bandwidth or web servers. As a result, your school’s network could be temporarily shut down.
Davis says having a quality ISP (Internet Service Provider) can help prevent this. He says that good ISPs offer intrusion prevention and detection systems. He also suggests that districts should tighten up their firewall.
Frequent Backups to protect against Ransomware
A ransomware attack can be devastating for a district that is unprepared. Ransomware can infect a computer system or server and block access to crucial data and files. It may quietly work through a server encrypting its files, which then stay inaccessible until a ransom is paid.
So what do you do if one of your servers is encrypted with ransomware?
Davis says fixing it may make it worse. “First of all, mitigate the risk by disconnecting that device from the network.”
It’s important to isolate the risk and contain it before it infects the entire network.
Davis says one of the challenges is that most people don’t have any kind of detection mechanism. They don’t find out there’s an issue until employees start letting them know that they can’t access certain files.
This is where a great backup system can save you.
Davis says that if you can say, “We’re not paying the ransom. We’re just going to restore from last night’s backup,” you’re in great shape.
“But if you don’t have those policies and procedures to ensure getting a backup every night,” Davis says you’re in trouble.
You’ll most likely have to pay the ransom or risk losing those files.
You have a backup — But can you restore it?
Conrad notes that the joke has always been “a backup plan is only as good as your restore plan.”
He says that you can have as many backups as you want, but if you can’t restore from them, you’re not helping yourself.
Conrad recommends that districts restore something every once in a while just to make sure it works. He says the Privacy Technical Assistance Center is a great resource for learning best practices.
To hear our full interview about securing school district data, listen to Episode 194 of the Class Dismissed Podcast on iTunes or your favorite podcasting app.
- Have Enterprise management update devices with the appropriate patches.
- Upgrade your firewall – The new firewalls offer insight into what kind of traffic is running through the system.