Blog

Categories
Cybersecurity - Detection and Response Blog

Cyberattacks target schools, too.

Cyberattacks target schools, too.

NBC News recently shared this report about schools in Columbia Falls, Montana that were targets of a cyberattack. Hackers accessed students personal data—social security numbers, phone numbers—and threatened to release that data and hurt children unless a ransom was paid. The hackers also accessed school security cameras and could watch everything going on. This school district lies in a quiet town at the foot of Glacier National Park, showing that threats can affect any organization, anywhere.

There’s nothing Columbia Falls can do to protect the student data that’s already been stolen. Parents will have to monitor their kids’ credit reports to watch for signs of misuse in the future.

At WorkSmart, we know well the struggles schools face when choosing between cybersecurity and a tight budget. Schools house valuable information, and the NBC News report noted that “the Department of Education is encouraging schools to conduct security audits and to train staff on cybersecurity best practices, including how to avoid being targeted by social engineering schemes, such as fake emails that look real but, if clicked, can provide hackers access into the school’s system.”

We urge all our clients to budget for cybersecurity services, and Security Awareness Training for end users is critical to protecting any organization.

The most common issues we see with schools are:

Improperly-secured wireless networks

A well-secured wireless network means that the school can control access to their internal systems and data. Separating your guest wi-fi network from your internal network is important. 

Use of unprotected cloud-based file systems (like Dropbox or Google Docs).

When schools don’t put protected and easy-to-use file management solutions in place for their staff, teachers resort to tools they’re more familiar with and can access anywhere. And that makes the school network vulnerable.

Lack of cybersecurity training

Training staff on how to spot a phishy email is critical, and training needs to be ongoing. Security Awareness Training is easy to implement, inexpensive, and WorkSmart can help.

If you’re concerned about how well your data is secured or whether your end users can spot an email threat before they click, call us. We’re ready to help.