How To Protect Against Cyber Security Threats in the Schools

By -

This article was written originally for MultiBriefs Education.

I’ll never forget the first cyber security attack I endured as a high school principal. It happened years ago, after I had to assign consequences to a tech-savvy student who regularly would hack into our school wifi network to access websites and social media platforms that, at the time, were blocked from student access during the school day. I remember the student being upset because he was trying to meet a critical deadline for his international business, and his two other partners (one in Finland, one in Russia) needed his help to finish a project for their company. The three ran a company that rented and solder server space to gamers around the world. Mind you, my student had just recently celebrated his 15th birthday.

Coincidentally, the day following the in-school suspension I assigned the student, my school district was placed under a distributed denial-of-service (DDOS) attack from unknown sources on the web. For those who have never experienced such an attack, I can describe it in this way. Imagine one day that all of the computers in your school were no longer able to connect to your school’s network which includes Internet access. Your network was receiving a flood of useless data from unknown sources that was choking its ability to do anything else but drown in this data, rendering your network useless. Your IT professionals could do nothing, and your Internet provider was equally as helpless. This DDOS attack lasted for days, and my school was at the mercy of our attackers, just waiting for them to stop and move on to something else. I was never able to connect my student to this attack, but ironically, the DDOS didn’t stop until I pleaded with the student that if he had anything to do with it, I needed him to put a stop to it. The DDOS attack stopped within six hours of that conversation.

In the days and weeks following the attack, I tried to figure out what I could do as a school principal to prevent these types of actions from reoccurring.  Back then, options were limited, but years later, we have learned a lot about cyber security and what can be done to protect against it.

A recent EdWeek special report looked at K-12 cybersecurity big threats and best practices. The report was a series of articles, webinars, and videos on the topic. In this March 2019 EdWeek article, reporter Benjamin Herold wrote about the barrage of DDOS attacked that North Dakota schools faced earlier this year. Bismarck schools were highlighted for their efforts to keep their security patches up to date and their decision to keep a full-time staff member dedicated to network security. Across the country, just 25 percent of school districts have such a position, and that figures drops to just 8% in rural areas. Rural North Dakota has responded by forming a robust state-level network to manage many of the day to day network operations that rural districts simply don’t have the staffing to handle. Herold wrote, “The state department of information technology manages a statewide broadband network known as STAGEnet. Each day, more than a quarter-million users across 400 separate public entities—including the state’s 227 K-12 school districts—use the network. Much of the work of monitoring and filtering incoming traffic is handled at the state level, taking some of the burden off under-resourced schools.”

Edweek reporter Sean Cavanagh shed light on the cyber security threats that schools most often face in this article. Cavanagh interviewed Melissa Tebbenkamp, Chief Technical Officer for Raytown Quality Schools, which serves roughly 9,000 students just outside Kansas City. Tebbenkamp reports that some of the biggest cyber threats come about from unsuspecting staff members who open phishing emails disguised as something benign. Tebbenkamp stated, “It’s about protecting where you have control—which is your house—first. We do have a growing concern about outside malicious attacks directly targeting us. But the biggest and most frequent [vulnerabilities are posed by] our staff.” When asked what schools could do to decrease cyber attack threats, Tebbenkamp said this: “You obviously have to have the gates closed. You need to have your firewalls in place, and meet those best practices. Your virus protection. The majority of schools do that pretty well. The next piece, once you take care of the basics, is user training. Making sure your staff know what a phishing e-mail looks like, what those scams look like, how to respond or not respond. Where it’s important to share student information, and where it’s not. That end-user training is going to protect you. That will protect you against the lost USB drive with personal information on it. That training can’t be once a year. You have to keep it front of mind.”

Cyber security is an ever-changing field, and I have found the best thing schools can do to protect themselves is to stay educated about threats that could impact their operations, and ensure staffing and resources are dedicated to warding off and addressing those threats when they come up.



Comments

Post a Comment

Popular posts from this blog

My Speech to the NHS Inductees on Scholarship

By -
Image
Tonight, I will be speaking to you about scholarship, one of the four pillars of the National Honor Society. Scholarship is one of those words that we all can identify with, but it isn’t that easy to define. Dictionaries often define it to mean “academic achievement, learning; or the qualities of a scholar.” The qualities of a scholar --- well my ninth grade English teacher Mr. Tomallo never would have allowed me to use the word I was trying to define in the definition, so I have to dig deeper. What is a scholar? Again I turn to the dictionary, and I find the following: “A scholar is a learned person, someone who attends school or studies with a teacher.” I’m still not satisfied with this result. It seems the online dictionaries that Google has offered me are not helping me summarize what should be an easy-definable concept, scholarship. Perhaps I will need to research some examples of scholarship to help us better understand the concept.   In preparation for this speech...
Read more

Does Your School Facility Need a Makeover?

By -
Image
Does your school facility need a makeover? According to this 2012 report by the National Center for Education Statistics, 53% of American schools are due for such an upgrade. Upgrades can be done in ways to fit almost any school budget. The key for school principals is to stretch the financial resources they have to provide the biggest rate of return possible to enhance student learning and overall school culture.   At a recent visit to my child’s middle school, the principal took me on a tour of recent upgrades made to their front entrance lobby. The building, built quickly and cheaply in the 1970’s has long since reached the status of obsolete in our community, yet we as a voting community just aren’t ready to support a project to build a new middle school. Like so many other principals from coast to coast in this situation, the principal had to look for small ways to make facility upgrades that would have a big impact. The lobby project was this kind of a project. Much...
Read more

My Speech to the NHS Inductees on Character

By -
Image
Character is perhaps the most abstract of the four National Honor Society pillars, and that perhaps makes it the most difficult to quantify and speak about. Most of us would say that we know good character when we see it. We identify with examples of strong character. Consider this situation: Four friends from out of state are passing through Kingston on their way to a vacation in the White Mountains. Their names are Jerry, Elaine, George, and Kramer. Yes, for those of you who recognize this story I am talking about the 4 main characters from the television series Seinfeld and this is the famous “final episode.” They witness a robbery in broad daylight. The robber has his hand in his pocket, and the victim shouts that the man has a gun. As soon as the robber runs away, a Kingston policeman appears on the scene; but instead of pursuing the robber, he arrests Jerry, Elaine, George, and Kramer for having violated the "Good Samaritan" law. Since the four of them spent ...
Read more