Schools: Get Schooled About – Or Schooled By – Hackers
Hackers are going after schools, the paychecks of teachers and staff, and the personally identifiable information (PII) of students. IT decision makers at every school need to ensure that their environments include comprehensive, multi-layered security, to protect that PII and maximize the educational value of their IT investments.
Malware: Class Is in Session
Most highly publicized hacker attacks have targeted commercial enterprises and government agencies. However, a recent article in The Wall Street Journal sounds the alarm for educators everywhere – “Hackers Target Nation’s Schools.”
- “Cyberthieves have struck more than three dozen school systems from Georgia to California so far this year, stealing paychecks and data or taking over networks to extort money.”
- “School districts in Atlanta, Boston and Georgia’s Fulton County each had payroll checks stolen this year after hackers rerouted employee direct-deposits into unauthorized accounts.”
- “Some school districts have spent thousands to reimburse employees whose direct deposits were rerouted by hackers, including Atlanta Public Schools where 27 employees had a combined $56,000 stolen in such a scheme last month.”
- “At Fulton County Schools in Georgia in August, thieves tricked 46 employees into providing login credentials via phony emails and then used that information to reroute direct deposits onto reloadable money cards. About $75,000 was lost, with the district recouping about $3,400 by reversing some transactions. The district reimbursed its employees.”
- “The attackers have gained access to servers containing student names, addresses, social security numbers, birth dates, academic performance, phone numbers and medical and discipline records—in some cases releasing data in an escalating series of demands and actions.”
- “The FBI warns against paying ransom, saying it is a risky strategy that could encourage future attacks and possibly fund other illicit activity by the hackers.” “A few districts, betting that surrender would be cheaper and easier than defeating a hack, have gone against FBI advice and paid off the hackers.”
In some cases, the threats go beyond loss of money.
- “On Oct. 5, a Twitter page using the name of a well-known hacker took credit for Johnston County [Iowa]’s hack in a tweet that read: “With the student directory from JCSD [Johnston County School District] we released, any child predator can now easily acquire new targets and even plan based on grade level.”
- “In the Splendora Independent School District in Texas, where hackers are threatening to release student information, physical security has been beefed up but parents are on edge.”
The Solution: More, Better Cybersecurity
“Cyber experts say schools need to be proactive in the rush to go digital, such as having antivirus software up-to-date, backup files, and providing computer security training.”
Ivanti experts agree, as do respected authorities around the world, including the FBI, the U.S. National Institute of Standards and Technology (NIST), and the Center for Internet Security (CIS). All agree that basic steps, such as timely client and server patch management, application control, privilege management, and user education, can greatly improve cybersecurity at any enterprise, including a school.
Of course, schools face multiple challenges most commercial and government enterprises do not. Fortunately, modern educational technology solutions incorporate robust, multi-layered cybersecurity features. Such solutions are also designed to enable schools to automate key functions and support user self-service, to improve technology access for students and management for schools without armies of technical staff. As schools and school districts seek to support more and better technology access for students, their IT departments must ensure their chosen solutions and processes embrace effective defense in depth.
Get Extra Credit for Better Cybersecurity with Ivanti
In Canada, British Columbia School District 67 supports 7,500 students, 800 staff, three high schools, four middle schools, 10 elementary schools, 2,000 desktops, 14 Citrix servers, and 300 laptops. By implementing Ivanti Application Manager, Ivanti Environment Manager, and Ivanti Performance Manager, the District has achieved granular, centralized control over applications, client systems, and USB devices, improving both security and IT staff productivity. With Ivanti, instead of frequent system re-imaging for security purposes, the District IT team re-images only once a year for maintenance.
Your homework assignment? Read the complete British Columbia School District 67 case study. Then, grab a complimentary copy of our white paper, “What to Do BEFORE All Hell Breaks Loose: Cybersecurity for Today’s Extreme Threats.” Then, check out our solutions for K-12 education online. Then, contact Ivanti. Let’s learn how to improve cybersecurity for all your schools, students, and staff, together.