Las Cruces public schools in New Mexico were hit by a ransomware attack in October 2019 that shut down the district network for weeks. It took Las Cruces months to re-secure its data systems, while staff spent thousands of additional hours manually scrubbing 30,000 computers, backing up computer files, and reinstalling operating systems and software.
Although the attack dealt a severe blow to the district’s operations, Las Cruces was fortunate in many ways that it was no worse. They did not pay the hacker’s ransom demands and had backup systems installed for district and student data that allowed business operations to continue running throughout the ordeal. In addition, Las Cruces had IT staff who were able to react and implement solutions quickly. And all of this happened just before the pandemic and the district’s shift to remote learning, so the timing was fortuitous.
But other districts that experienced ransomware attacks were not so lucky. And it is likely that those that have not yet been hit or taken preventative measures are living on borrowed time. Because when it comes to cybersecurity, “hope” is not an effective prevention strategy.
Ransomware attacks have become a major problem for K-12 schools. It has been reported that 65 per cent of recent attacks have been directed at schools, which highlights a serious problem for educators that is only getting worse. And with schools’ move toward remote learning over the past year and a half, and with greater reliance on network-based instructional technologies in the future, the importance of stable data networks has increased. So have the possible entry points for nefarious groups looking for vulnerabilities in district networks.
WHO’S THE PROBLEM?
Las Cruces school officials believe the hackers who accessed its network did so through a credential phishing scam, meaning that someone who used a computer on the district’s network opened a fake email attachment, allowing bad actors to take over the user’s device and infiltrate the network. Officials believe the intruders had access to the district network for weeks to analyze it and plan their actions before disclosing their presence. So while IT staff are often tasked with resolving the bulk of the disaster created by a ransomware attack, a seemingly innocent mistake by someone using a networked computer can cause a world of pain for many. That is, the responsibility for keeping networks secure is shared by all users: staff, faculty, and students.
WHAT SHOULD BE DONE?
- Cybersecurity assessment. If they have not already done so, districts should have a cybersecurity assessment conducted by a reputable partner. These assessments are usually free and can help districts prioritize their needs, identify their highest risk areas, and then define the steps and costs needed to address the issues, which can be approved for federal aid funding.
- Data backups. School districts should periodically back up all important data in a secure location that is not accessible through the district network.
- Training. An IBM-sponsored study found that 60% of teachers and administrators have received no training or guidance on their role in preventing cyber attacks or on the potential dangers of connecting their personal computers to district networks. And, since phishing expeditions are known to be a key tactic for hackers to access district networks, all endpoint users should be trained and periodically alerted to new scams.
- Update and maintain applications. Districts should require that antivirus and antimalware applications be kept up to date on all endpoint devices, that is, any digital devices connected to the district network, including those owned by staff and students. And instead of relying on users to perform these updates, districts should automatically and remotely update their devices when they connect to the network. As product developers periodically update applications in response to new cybersecurity threats, districts should also keep their endpoint operating systems and software up to date.
- Lock down endpoint devices. Districts should block users from installing new applications independently on district-owned devices. Having been involved in implementing this strategy, I know it can frustrate many district employees, especially teachers. Schools will need to develop a timely and viable solution to ensure that educators can install verified instructional applications on their computers and on their students’ devices.
- Separate networks. Districts should set up a network for administrators and staff that is separate from the student and guest network so that any intrusion problems can be isolated.
- Improve password security. Requiring school district users to change and reset their passwords frequently for networking applications is a practice that will likely be resisted. It can be argued that teachers’ work is hard enough without any further irritants. But these precautions are becoming a necessity, and providing users with a password management tool can help alleviate their frustrations.
The Consortium for School Networking has been leading a push with the Federal Communications Commission to expand the federal E-rate funding program to include cybersecurity coverage to better protect schools. This is an important initiative that will require serious attention and additional funding from all levels of government.
But as ransomware attacks become more sophisticated and prevalent in K-12, a solid first defense is a well-trained user base to help keep the gates of the district network well secured against would-be intruders.
Kipp Bentley is a senior member of the Center for Digital Education. He has been a teacher, librarian, and director of educational technology at the district level. He currently writes and consults from Santa Fe, New Mexico.