By Matt Mayo
DiamondIT, Founder and CEO
In January, Panama-Buena Vista Union School District’s network was infected by ransomware which shut down the school’s phone system and all Windows computers. While school officials lamented late report cards and using manual processes for communications, temporary hotspots and an examination into internal controls and network security, my mind turned to the real issue here – the protection of our children at school.
In a generation that relies on school phone systems and networks to thwart the very real possibility of a school shooting, the significance of the recent data breach at Panama-Buena Vista USD is alarming. It brings to mind the question: What are school districts doing to make sure students are protected and emergency systems are operable at all times?
While the immediate inconvenience of having no phones or computers is difficult, I believe the greater concern lies in the fact that the school’s emergency response systems run through the phone structure which was incapacitated. Along with the emergency notification system, other security safeguards like simultaneously locking down school buildings also depend upon the phone system to run.
As a community member, parent and grandparent, I want to know what new security measures are going to be added immediately to keep this from happening again. As a Leadership Council Member at Secure the Village, a nonprofit dedicated to turning people and organizations into cyber guardians, I believe swift action needs to be taken by not only Panama-Buena Vista Union schools but by all school districts.
Your Kid’s Identity is at Risk
School districts are the custodians of our children’s personal information, and student records are one of the most sought-after on the Dark Web, the black market of the internet. A typical student file contains date of birth, social security number, medical information, home address and parent contact information.
I think we can all agree that it is imperative to protect our children’s identities from being stolen before they even have the chance to develop them.
The school district said no personal information has been accessed by the hackers and that the district only needs to recover the information from their backups. In our experience at DiamondIT, we have learned that hackers usually don’t toss down ransomware until they have already taken the sensitive information they are seeking – and most likely already have installed secondary infections to activate later when everyone has gone back to their regular routines and their guard is down.
For the first time ever, data is worth more than oil. And, data, like oil, is worthless until it is extracted and refined. The average data breach cost U.S. businesses an average of $8.19 million per breach in 2019. The data extraction business is booming.
For just $45 a year, you can buy a subscription to the Dark Web and gain access to millions of records. Want to be Susie from PSD 555? That’ll be $12.99. Although prices vary (you’ve heard about “no honor among thieves?”), it’s still horrifyingly cheap to buy an identity on the black market. Kids are a prime target because they are less likely to have identity monitoring or to become aware of the use of their identity until years after the identity has been sold.
This alone should be enough for school districts and other organizations that are storing valuable, sensitive information to put cybersecurity solutions in place and implement district-wide staff cybersecurity awareness training. As government entities, school districts don’t have the ability to be financially nimble, and therefore, must plan ahead to protect their students. You can’t wait for next year’s budget process to initiate a cybersecurity budget. Hackers are here now, and they’re eager to take advantage of the slow-moving bureaucratic response to their activities.
Here’s Your Homework
DiamondIT is passionate about security awareness training, and we host quarterly, free security events in Bakersfield and North LA. Our next event is an Executive Cybersecurity Training on March 26 at Lengthwise Brewery. All attendees get a free Dark Web scan, 90 days of free staff-wide cybersecurity awareness training and a certificate of training completion. Please come – it’s important that our community is prepared to fight cybercrime.
Many networks are already compromised. If you have 1% of your network users clicking on emails and websites, you have malware. A school district has students, staff and parents – likely thousands of people – accessing WiFi and clicking all over the internet. If adults have trouble knowing what is safe to click, imagine what a child’s ability to know what is safe is.
A comprehensive network assessment, along with continuous penetration testing, will give you the baseline information you need to close the security gaps in your network. By identifying your vulnerabilities, your risk can be minimized and your data protected more effectively.
Penetration testing – or Pen testing – exams the vulnerability of your network by trying to penetrate the network via 3 scans: internal, external and social. The test puts your network through several breach attempts to determine how at-risk you are.
Cybersecurity Solutions for School Districts
We developed SecureCentric, a security stack specially designed to protect educational institutions against cybercrime without breaking the bank. We have worked diligently with our providers to create a layered security system specifically designed to protect school districts. Coupled with special pricing for education to make it fit district budgets, our cybersecurity solution helps you protect your schools with:
- Security Awareness Training
We teach you to recognize what is safe to click on and what is not. Phishing simulations and student testing show where the highest risks to hackers are and make your network users aware of how to be safer when accessing email and the internet.
- Wireless Security
Wireless internet is big in schools, so we use WIPS – Wireless Internet Protocol for Security – to secure the connections. Just one device can secure up to 4 existing wireless radios, and there’s no need to rip and replace existing internet connections. Added on to the current system, WIPS makes the school’s wireless internet access points more secure.
- Breach Detection
In addition to current antivirus, antispam, and firewall layers, we add external and internal vulnerability scans to detect primary and secondary infections left behind that were not discovered as part of the original ransomware attack.
Security is not “set-it and forget-it.” Proactive network monitoring and management must be ongoing. Your cybersecurity budget line item is here to stay.
- Get a network security assessment and penetration test
- Add SecureCentric managed security layers of protection to your security stack
- Join us March 26 for our Executive Cybersecurity Awareness Training
Please reach out to me and my team of experienced cybersecurity professionals – we work with school districts; we know your concerns and we know the answers to keeping your information safe. Here’s how to reach me: [email protected] or (877) 716-8324.