Why DDoS Security is Critical for your School (and what is DDoS, anyway)?

If you regularly follow our blogs, you’ve read about the dangers of Phishing and Ransomware, but there’s a third method of cybercrime that can be just as damaging: a DDoS attack, or “Distributed Denial of Service.” A DDoS attack occurs when a hacker takes control of thousands of computers and aims traffic at a single server, overwhelming its network to knock it offline or slow it to a crawl. Without appropriate DDoS security protocols, an attack can cause mass and immediate disruption.

EdTech Magazine reports that DDoS attacks “are on the rise. For schools, the attacks can shut down websites, phone systems and prevent users from accessing the internet and applications.” Here are some recent examples of school-related DDoS security issues in recent years,:

  • The Miami-Dade County Public school system was unable to provide online testing for three days after a series of DDoS attacks crippled their new, high-touted computer-based standardized testing system.
  • Minnesota Department of Education twice had to suspend its state testing when a DDoS attack kept students from logging into its online assessment system.
  • The St. Charles, Illinois school district lost online access for employees and all of their 13,000 students. According to a report from eSchool News, “the hackers cut off the entire district’s internet access for four hours at a time and then repeated the process 10 more times over the following six weeks.” Eventually, two students were charged in the attack.
  • Rutgers, Arizona State and University of Georgia have all been victims of recent DDoS attacks. After an attack, Rutgers spent $3 million dollars and raised tuition 2.3% just to upgrade their DDoS security, and then became a DDoS victim again less than a year later.

The Simplicity of a DDoS Attack

Many schools, even those that are on the alert to cyberthreats, may not be paying much attention to their DDoS security. But it doesn’t take a cyber-genius to launch a DDoS attack. You can find relatively simple how-to videos on popular sites such as YouTube. The ease of launching such an attack, combined with inadequate DDoS security, makes this scheme popular with a wide variety of groups as a form of protest, as an act of “revenge,” as a distraction from another cyberattack, or even just for “fun.”

The lack of DDoS security can also harm schools through their vendors or partners. In September of last year, millions of families across 45 states were impacted by a DDoS attack on the app Infinite Campus, which provides a “Parent Portal” allowing parents and students the ability to check grades and other information.

How To Implement Your DDoS Security

Schools have become a target for cybercriminals, accounting for 13 percent of all data breeches in the first half of 2017, which involve nearly two billion student and parent records. But schools can incorporate numerous strategies to increase security, including their DDoS security, such as by switching to cloud networking, monitoring cyber-traffic for abnormal patterns, and adding backup internet service providers to keep networks up and running. School districts can also upgrade their firewall protection and their network architecture. Sounds like a lot of work? It can be.

That’s why Single Path partners with schools to help protect their IT technology from hackers, and to make upgrades and changes as easy and as turnkey as possible. We consult and implement, provide continual monitoring, and can also educate your staff on data security best practices. We also provide a wide variety of Managed/Cloud Services. DDoS security can be challenging, which is why you need a team like Single Path to help protect your organization from harm.

Ask us how to get started!

 

 

 

How to Create Your School Cyber-Threat Strategy

Cyber-threats are on the rise in our school districts, which often lack the resources to protect themselves, the training to use the resources they have effectively, and even the knowledge to identify which resources are needed.

We wrote about the cyber-threats facing schools in our last blog post. But these problems are epidemic to school districts across the country. As reported by technology and digital learning news source Edscoop.com, “A recent trend in cybercrime indicates that online attackers are increasingly targeting a demographic they know people will rush to protect: K-12 students.” The article details more than three dozen large-scale breaches of student data from cybercriminals from January through October, 2017.

The risk of a cyberattack will only continue to grow, so establishing a holistic cyber-security strategy is critical. Any strategy should include the following elements. Many of these are highlighted in a recent document published by the Council of the Great City Schools, an organization comprised of 70 of the nation’s largest urban public school systems.

1. Physical Security and End-Point Security

On-premises security isn’t only needed to protect students, but the network and computer devices housed inside the school. Using a school-owned computing device is often the easiest way to get access to confidential information. Data centers and control rooms need be locked and monitored. Classroom or office equipment may also be vulnerable to theft, so modern, video surveillance can be a powerful tool, as is locking away machines when not in use, and carefully tracking equipment and reporting lost devices promptly.

2. Employee Training and Network Security

Your network is only as secure as the staff who uses it; an unsecured password can be all a cybercriminal needs to get into your network and see, abuse or share sensitive information. Employee training for proper security protocols is critical for network security, especially for staff who use personal devices in 1:1 environments.

Monitoring who has access to information is also a critical component of network security. As reported by the online security and risk management magazine CSO, “Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.

3. Application Security

Hackers can also gain access to your systems directly through your software applications. Downloading and installing regular updates and patches are critical, as we reported in a recent blog post detailing a Cisco networking hack that cut off Internet access and infected more than half a million devices. In that case, those who did not download security patches were left considerably more vulnerable. For that reason, your staff should only use software from trusted sources.

4. Cloud/Data Center Security

With schools moving more and more towards cloud-based solutions, the security of their cloud-based data is a critical component to security. We have touched on the advantages of using cloud computing in a number of past blog posts, including “12 Reasons to Move Your Business to the Cloud”. Cloud computing makes accessing information easier, but demands strict security processes and protections. Still, the benefits far exceed the risks (for many of those risks please see our post, “9 Facts to Know About the Risks of Moving to the Cloud and How To Manage Them”) as cloud computing provides significant back-up security should your data be destroyed or become inaccessible due to disasters both natural and hacker-made.

At Single Path, we are well versed at working closely with school districts to determine their vulnerabilities, providing solutions, and even training staff to ensure policies and protocols are understood and followed. We’re always eager to discuss our many products and services, including Security Solutions and all our Managed/Cloud Services. Let us help you chart a more secure and safer path for your organization.

Ask us how to get started!

Cyber Incidents for K-12 are Rising. Is Your Student Data Vulnerable?

Data leaks are becoming so commonplace it seems like we’re almost becoming immune to them. Another ransomware attack on a business. Another virus crippling a network. Another identity theft scam. But then something happens that shakes us up and reminds us … this is not okay. Such as when an attack hits a little too close to home. For example, this—hackers are now specifically targeting schools.

CNN reported that a school district in Montana was forced to shut down more than thirty schools for three days after hackers infiltrated their network. The hackers sent threatening text messages to staff and students. School Superintendent Steve Bradshaw explained, “The messages weren’t pleasant messages. They were ‘splatter kids’ blood in the hallways,’ and things like that.” The messages also included disturbing references to “Sandy Hook.” But the hackers weren’t done. They also demanded up to $150,000 in bitcoin or they would release stolen school records. At least three other states were hit with similar school data extortion attempts.

Malicious hackers are going after schools because of a combination of weak data security and available information that is ripe for exploitation. As schools rush to incorporate technology in their schools, security protocols are sometimes afterthoughts. Vulnerable information can include social security numbers, birth dates, medical records and financial information.

An attack leaves one school district $10,000 poorer

Can your school afford to send ten grand to a hacker? Leominster Public School district officials recently had to ask themselves that question. A hacker attack left this Worcester County, Massachusetts school district unable to access email, health services, food services, library services, help desk and file services, backup services and more. The attackers demanded $10,000 to decrypt the files. Despite FBI warnings to never pay ransomware, the district felt they had little choice but to pay up. “If we had not used the option of paying the ransom for the decryption of our files, we would most assuredly be in for a much longer recovery at a much higher cost,” said Leominster Superintendent of Schools Paula Deacon. “In the case of one of the file servers, there were over 237,000 files which were encrypted, covering all departments in Central Office.”

According to an article in the Leominster Champion newspaper, the school is now making changes to their network to remove vulnerabilities including replacing old computers. The cost of this overhaul? More than $435,000. 

It’s a bigger problem than you think

How many school cyber incidents do you think have occurred in the last two years? Ten? Twenty? Try more than 330 (and growing)! In an attempt to categorize, defend and combat these threats, EdTech Securities has published a map that includes all manner of school-related cyberattacks including data breaches, phishing attacks and “other occurrences that lead to school and personal information being exposed.”

Check out the Interactive Map

The amount of exposure and consequences of those incidents vary widely. The Wall Street Journal recently reported on a number of cyber incidents including: 

  • Hackers in Iowa’s Johnston Community School District released school and parent information along with threats to kill the children. A hacker claimed the information was released to help child predators.
  • Hackers stole $56,000 worth of paychecks being sent via direct deposit to Atlanta Public School employees
  • Hackers stole $75,000 from employees of the Fulton County School district in Georgia

One state gets ahead

Many school districts are realizing the threats of a cyberattack are all too real, and are proactively working to protect themselves. Schools in Indiana are leading the way. As reported by Indiana Public Media, the Indiana Department of Education has targeted thousands of dollars in cyber funding for certain schools. Schools can apply for matching grants of up to $25,000 to build up their cybersecurity systems and improve 24-hour system monitoring. Says Chief Technology Officer John Keller, “Cybersecurity is a layered concern that goes across really all sectors. I mean, it’s not just a teacher thing or a school administrator thing, it’s our students, our staff.”

What you can do

Waiting until a cyberattack hits can be costly to schools and devastating to the families or staff whose information is breached. Fortunately, there are many resources available. For example, the U.S. Department of Education provides a number of cyber-resources and documents related to Security Best Practices, from a Data Breach Response Training Kit to a Data Security Checklist. But it can be daunting to read and figure out exactly what you need to do, especially without a partner to help guide you.

At Single Path, we work with schools across the country to help them uncover and tighten up weaknesses, implement security measures, and create recovery plans if the worst happens. We can help overhaul your entire system, as we did for Great Lakes Academy in Chicago, provide training like we did for Saint Anne Parish School in Barrington, Illinois, and offer any or all of a full range of security offerings.

Ask us how to get started!

 

EdTech: How to Invest Wisely

ed-tech
OK, you’ve made the decision to invest in new EdTech resources. Now what? Not only do you have to wade through the nearly overwhelming array of tools at your disposal, but there are so many other things to consider. How? When? Why? What?

In a previous blog post we discussed the four main steps when choosing technology for your school. They were:

  • Set your goals
  • Evaluate your tools
  • Align professional development with your goals
  • Evaluate and re-evaluate

While each of these is a critical component of your EdTech decisions, we’d like to present a fifth step when choosing technology: ROI. Or, better yet ROE, Return on Expectations…or, as we prefer to call it, Return on Education.

ROE vs. ROI

While ROI (Return on Investment) is generally computed from purely monetary considerations by businesses when investing in new equipment, educators must rely on other, harder to define metrics. Simply, cost alone won’t determine the effectiveness of your EdTech.

To use ROE, you not only need to determine your specific goals, but uncover ways to measure them. Otherwise, how can you gauge success? If your goal is student achievement, will you measure it through standardized testing, grades, or some other means? If your goal is to increase student engagement, will you measure that through increased attendance or graduation rates? How will you measure improved teacher performance?

Per the online source The Journal, “ROI is calculated by measuring benefits in dollars. But schools are not in business to make money, and should not measure success in terms of dollars. The business of schools is learning. Of course, if technology projects save money or improve efficiency, then a business-focused ROI is useful, but in general it is important to define the “value” of learning in education.”

How To Measure your ROE

With each and every EdTech expenditure must come the expectation of reward or improvement, but the goal of each new tool can vary widely. The more time and money you put into a tool the more results you should expect from that investment. Only by measuring its effectiveness, and continuing to measure its effectiveness, can you know if the investment was a wise one. Then you can decide if it is worth the effort to continue with that tool, or move on to a different one.

Don’t forget, that your initial investment is not the only cost. Do you need to increase your broadband capabilities or incorporate new hardware? What is the cost of training your educators on using the new tools, and is ongoing training needed? When defining the total monetary costs, consider the total expenditures and time needed over a four-year span to determine the true expenses of your investment.

Creating Metrics

According to a post from educational consultant The Flipper Group, here are the 5 Key Indicators of School Performance:

  • Student Achievement
  • Discipline Referrals
  • Attendance Rates
  • Graduation Rates
  • Teacher Satisfaction

Fortunately, each of these can be measured, whether from statistical comparisons to developing questionnaires and observation (such as in the case of Teacher Satisfaction). Before looking at these numbers, however, you must set your goals. Keep them realistic, but also lofty. Often you may create a range, determining the minimum number for success, but also striving for a ‘best case’ scenario. Once you reach that minimum number, keep aiming for better and greater results.

Define, Define

As discussed in an earlier blog post, defining goals is a critical component of gauging technology’s success. In that post, we referred to a study by the Center for Digital Education, which came to the conclusion that schools should, at minimum, strive to meet these five technology goals:

  • Make learning engaging and individualized
  • Measure student progress against college and career ready standards
  • Connect teachers to tools and individuals who can help them become effective
  • Provide broadband connectivity for students
  • Use technology to become more productive, improve student learning and manage costs

When looking at your EdTech investment, consider each of these points to determine which your new tool will improve. Then, set your method to evaluate them.

We know that defining those goals is not always simple, and neither is setting the gears in motion for measuring them. Finding the right path for your EdTech can be difficult. At Single Path, we work closely with school districts, to help them navigate that path. We provide custom IT solutions for K-12 schools and districts, working closely to help them understand the technology options and choose the right ones. We help implement them, ensure mastery of them, and help maximize their potential. At Single Path, we pride ourselves on not just being an IT resource, but a true collaborative and consulting partner providing advice and ongoing service and support.

Ask us how to get started!