We are all vulnerable to cyber attacks, for varying reasons, but education, specifically K-12, is at the bottom rung when compared to the private and public sectors in managing cyber security. Because of the sensitive nature of student enrollment forms and the personal information shared in student records, it is critical to have a plan, and to work that plan, to avoid being vulnerable to such attacks.
Here are a few suggestions to get your district on its way to a safer cyber environment:
• Make sure to provide your staff and volunteers with the tools to stay vigilant against suspicious emails and avoid phishing scams
• Update your anti-virus and anti-malware software
• Incorporate network redundancy and backup recovery plans
Cyber-security is not something to “get to” in the future; it’s an immediate risk and must be treated as a necessity for building a secure future for our students and districts.
Distributed denial of service (DDoS) attacks are plaguing districts with increasing frequency. For the sake of pure mischief, these attacks saturate servers with so many external communications requests that they can’t respond to legitimate school traffic, such as teachers trying to access online grades or email. These attacks can range from a slight annoyance, such as the single student who brought down Fulton High School’s network for a few hours, to downright disastrous, such as the month-long network shutdown at Community Unit School District 303 in Illinois. The scary part is it only took two high school students and their smartphones to launch this devastating attack on the school’s network.
So how do we keep our networks from being vulnerable to DDoS attacks and to our most cunning, tech-savvy students?
Teachers aren’t always aware that they can open doors to security risks when they log into the school’s network while students are around. Even more dangerous, as teachers access different web apps on the school network throughout the day, it is not unusual for them to leave some or all of their accounts logged in at the end of the day.
Properly signing off of each account goes a long way to protect the school network server and database. Allowing the IT department to implement a privacy protocol is a very effective first step towards ensuring digital security, as long as it’s followed by rigorously educating staff on what that protocol is.
Are there more technologically-offensive approaches to preventing DDoS attacks?
Disruptions are rendered short-lived if a district has a software protocol that shifts unwanted inbound traffic to a separate IP address.
Intrusion detection software can alert IT staff, who can then shut down DDoS attacks before they cause more disruption.
Having two data centers is also a foolproof way to sidetrack DDoS attacks. If the first data center becomes flooded with unwanted traffic, IT can switch all users to the second one so that network access can continue uninterrupted for other school staff.
Although currently at a very high cost, DDoS-mitigation software automatically shuts down attacks without the second step of manual intervention.
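To make the intrusion-detection alert described above concrete, here is an added example (not from the original article or any vendor product) of a sliding-window detector that flags a request flood by total volume, since a distributed attack spreads its requests across many sources. The log format, addresses, window size and threshold are all assumptions chosen for illustration.

```python
from collections import Counter, deque

# Constructed sample log: "<epoch_seconds> <source_ip> <path>" (not real traffic).
def build_sample_log():
    lines = []
    # Normal school traffic: one request every 5 s from a few staff machines.
    for t in range(0, 60, 5):
        lines.append(f"{1000 + t} 10.0.0.{t % 3 + 1} /grades")
    # Flood: 40 requests per second for 3 s, spread over many sources.
    for t in range(60, 63):
        for i in range(40):
            lines.append(f"{1000 + t} 203.0.113.{i + 1} /login")
    # Traffic returns to normal.
    for t in range(70, 100, 5):
        lines.append(f"{1000 + t} 10.0.0.2 /email")
    return lines

def detect_floods(lines, window_s=10, threshold=50):
    """Return one alert per episode in which the number of requests in the
    trailing window_s seconds exceeds threshold, regardless of how many
    sources the requests come from."""
    window = deque()                 # (timestamp, source_ip) inside the window
    alerts, in_episode = [], False
    for line in lines:
        ts_str, src, _path = line.split(maxsplit=2)
        ts = int(ts_str)
        window.append((ts, src))
        # Drop entries that have aged out of the trailing window.
        while window and window[0][0] <= ts - window_s:
            window.popleft()
        if len(window) > threshold and not in_episode:
            in_episode = True
            sources = Counter(s for _, s in window)
            alerts.append({"start": ts, "requests": len(window),
                           "distinct_sources": len(sources)})
        elif len(window) <= threshold // 2:
            in_episode = False       # hysteresis: re-arm once traffic subsides
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

In practice the threshold would be set from a district's own baseline traffic, and the alert would feed whatever paging or ticketing channel IT staff already watch.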
Storing files in a secure cloud and preventing school staff from downloading files onto personal devices can go a long way to protect sensitive data – as long as staff are taking all the necessary precautions to protect login data. This includes changing passwords frequently, keeping passwords complex, never sharing passwords, and logging off of all accounts when leaving a device.
Narrowing the number of personnel authorized to access certain information minimizes risk. This can happen on various levels, such as barring almost all school staff members from accessing social security numbers, and limiting teachers’ access to their own students’ information rather than the entire student body.
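The two levels of restriction described above can be expressed as a field-level rule (who may read social security numbers) and a row-level rule (teachers reach only their own students). The following is an added example, not code from the original article or any student information system; the role names, user IDs and records are hypothetical.

```python
# Constructed sample records; names, IDs and roles are hypothetical.
STUDENTS = {
    "s1": {"name": "Student One", "grade": 9, "ssn": "000-00-0001",
           "teachers": {"t_adams"}},
    "s2": {"name": "Student Two", "grade": 10, "ssn": "000-00-0002",
           "teachers": {"t_baker"}},
}

# Field-level rule: which roles may read which fields.
# Any role or field not listed here is denied by default.
FIELD_ACCESS = {
    "teacher":   {"name", "grade"},
    "registrar": {"name", "grade", "ssn"},   # the small group allowed to see SSNs
}

def can_see_record(user, student):
    """Row-level rule: a teacher reaches only students on their own roster."""
    if user["role"] == "teacher":
        return user["id"] in student["teachers"]
    return user["role"] in FIELD_ACCESS      # unknown roles see no records

def view_student(user, student_id):
    """Return only the fields this user may read, or None if access is denied."""
    student = STUDENTS.get(student_id)
    if student is None or not can_see_record(user, student):
        return None
    allowed = FIELD_ACCESS.get(user["role"], set())
    return {k: v for k, v in student.items() if k in allowed}

if __name__ == "__main__":
    adams = {"id": "t_adams", "role": "teacher"}
    print(view_student(adams, "s1"))   # own student, no SSN field
    print(view_student(adams, "s2"))   # another teacher's student: denied
```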
IAM (Identity and Access Management) technology lets users access online resources with a single sign-on that meets district security policies. IAM also puts tighter controls in the hands of IT staff. This includes automating when accounts, resources and certain operations should be blocked.
Phishing scams 101: Tips for protecting student data
POSTED JULY 3RD, 2016
In the digital age, technology is continuing to change and enhance almost every aspect of our lives. Schools in particular have benefited considerably from the introduction of digital platforms, which are increasingly replacing outdated paper-based solutions. Platforms such as school admissions software can streamline the complex and detailed process of registration and store valuable student data in a convenient and accessible way.
As with any data storage platform, however, sensitive information is vulnerable to theft by cybercriminals. According to Digital Guardian, cyber attacks have grown in frequency in recent years, particularly phishing attacks, which could put your school district at risk.
What is a phishing scam?
Phishing scams involve the theft of protected data which can enable the criminal to steal an individual’s identity. As Microsoft explained, phishing scams are highly sophisticated attacks that target individuals. They work like this: a school administrator may receive a faux email from an ostensibly reputable source, such as the principal or superintendent. The email will contain a URL link or attachment, which the recipient will be instructed to open or download. If the victim complies with the directions, the attachment or link will install malicious software on his or her computer, allowing the criminal to steal the protected student data.
Student information is particularly valuable to a cyber criminal because it may contain parental information such as home addresses and social security numbers. Sometimes a criminal will access the protected data in the same way, but instead of stealing the information will instead hold it hostage. This is known as a ransomware attack.
While phishing scams are somewhat rare, given the uptick in incidents in recent times, it’s important to be prepared. Here is a list of tips.
How to avoid phishing scams
Educate all of your staff about how to recognize a potential phishing scam. There are usually a number of telltale signs that an email is inauthentic, Microsoft argued. First, the email may contain a high number of grammatical errors. This is a big red flag that the message is from a malicious source, as most professional or official emails are checked for spelling errors. Second, consider whether anything about the request seems unusual. Phishing emails will typically ask the victim to surrender important data, Norton reported. This may seem odd, especially if the supposed sender, such as the superintendent, hasn’t made such a request before. Staff should be instructed to always double-check that an email is authentic before complying with instructions.
Hold routine training seminars to ensure that everyone is educated on your school district’s cyber security protocols.
Ensure that each school has an up-to-date and comprehensive cyber security infrastructure in place. This includes platforms such as anti-virus software and firewalls, Panda Security explained.
Have experts come in and routinely inspect the IT system for any problems or potential security threats.
Stay calm and exercise common sense. Most scams are easily recognizable. Use a level head and best judgment.