ANGOLA – The Metropolitan School District Director of Technology Chantell Manahan briefed the school board on the administration’s efforts to ensure the cybersecurity of the staff and students.
Manahan said that in the seven years that she has served in her position, cybersecurity changed immensely, and instead of emails from Nigerian princes with inheritance, the cyber attacks have become more sophisticated.
She then quoted a few media headlines from the end of 2022 — the beginning of 2023 mentioning the instances of cyber attacks on schools in neighboring states that put the school networks down for a few days.
“You might remember hearing in the news that over 5,000 school districts in our country had their websites down for days after a cyber attack last year,” Manahan said.
She explained that the schools were targeted for cybersecurity breaches because they collect a massive amount of data on students, such as test scores, demographic, attendance, discipline and fresh students’ identifications.
“These Social Security numbers and dates of birth are probably not going to be applying for purchasing house, applying for a loan or a credit card for several years, so a student might graduate at 18 and try to apply for a credit card only to find out that their whole credit history has been maxed up by a bad actor because something got leaked on the dark web and they had no idea,” she said.
In addition, she said that the primary solution to cybersecurity breaches was staff training. Historically, funding has not been devoted to cybersecurity efforts, and a lot of individuals specializing in cybersecurity were working in the private sector that paid better, and that made schools an easy target for the cyber attacks.
COVID further complicated things, as often people that were working from home were unaware of the basic cyber safety rules.
Manahan further mentioned some of the most common cyber frauds methods, such as pfishing and sending emails from the addresses that might be just one letter different from the official district vendors or providers.
Manahan repeated the message that Chris Hall expressed speaking about physical security — just like physical safety, cyber security was not only about technology, but also about human factors, and all it takes for a school cybersecurity system to be broken is one teacher clicking on one fraudulent link.
For that, she stressed the importance of both formal training and informal discussions of cyber safety rules. She also mentioned installing firewalls and using cybersecurity insurance that would help mitigate the consequences of cybersecurity breaches.
Manahan explained that in time, the district might come to a zero-trust network that requires a multifactor authentication, but there were also some inconveniences with that type of security, especially when it comes to the youngest students.
“I will tell you that technology is both a wonderful thing and a very scary thing,” MSD of Steuben County Superintendent Matt Widenhoefer summed up.
Manahan agreed that frauds and cyber-attacks were becoming more and more frequent, and MSD had already experienced both on several instances, even though the district systems were not hacked, and no one managed to enter the school internal network and data.
However, the attempts made the administration aware of the necessity to strengthen personal information control. New administrative guidelines state that the employees are required to safeguard their personal information and if they need to update the data on their official documents, they should come to the main office for that.
“While sometimes it’s an inconvenience for some of our staff members because they are busy individuals, they have families and kids and so forth, we feel prudent that we can protect their personal information a little bit better,” said Widenhoefer.
