Why DDoS Security is Critical for your School (and what is DDoS, anyway)?

If you regularly follow our blogs, you’ve read about the dangers of Phishing and Ransomware, but there’s a third method of cybercrime that can be just as damaging: a DDoS attack, or “Distributed Denial of Service.” A DDoS attack occurs when a hacker takes control of thousands of computers and aims traffic at a single server, overwhelming its network to knock it offline or slow it to a crawl. Without appropriate DDoS security protocols, an attack can cause mass and immediate disruption.

EdTech Magazine reports that DDoS attacks “are on the rise. For schools, the attacks can shut down websites, phone systems and prevent users from accessing the internet and applications.” Here are some recent examples of school-related DDoS security issues in recent years,:

  • The Miami-Dade County Public school system was unable to provide online testing for three days after a series of DDoS attacks crippled their new, high-touted computer-based standardized testing system.
  • Minnesota Department of Education twice had to suspend its state testing when a DDoS attack kept students from logging into its online assessment system.
  • The St. Charles, Illinois school district lost online access for employees and all of their 13,000 students. According to a report from eSchool News, “the hackers cut off the entire district’s internet access for four hours at a time and then repeated the process 10 more times over the following six weeks.” Eventually, two students were charged in the attack.
  • Rutgers, Arizona State and University of Georgia have all been victims of recent DDoS attacks. After an attack, Rutgers spent $3 million dollars and raised tuition 2.3% just to upgrade their DDoS security, and then became a DDoS victim again less than a year later.

The Simplicity of a DDoS Attack

Many schools, even those that are on the alert to cyberthreats, may not be paying much attention to their DDoS security. But it doesn’t take a cyber-genius to launch a DDoS attack. You can find relatively simple how-to videos on popular sites such as YouTube. The ease of launching such an attack, combined with inadequate DDoS security, makes this scheme popular with a wide variety of groups as a form of protest, as an act of “revenge,” as a distraction from another cyberattack, or even just for “fun.”

The lack of DDoS security can also harm schools through their vendors or partners. In September of last year, millions of families across 45 states were impacted by a DDoS attack on the app Infinite Campus, which provides a “Parent Portal” allowing parents and students the ability to check grades and other information.

How To Implement Your DDoS Security

Schools have become a target for cybercriminals, accounting for 13 percent of all data breeches in the first half of 2017, which involve nearly two billion student and parent records. But schools can incorporate numerous strategies to increase security, including their DDoS security, such as by switching to cloud networking, monitoring cyber-traffic for abnormal patterns, and adding backup internet service providers to keep networks up and running. School districts can also upgrade their firewall protection and their network architecture. Sounds like a lot of work? It can be.

That’s why Single Path partners with schools to help protect their IT technology from hackers, and to make upgrades and changes as easy and as turnkey as possible. We consult and implement, provide continual monitoring, and can also educate your staff on data security best practices. We also provide a wide variety of Managed/Cloud Services. DDoS security can be challenging, which is why you need a team like Single Path to help protect your organization from harm.

Ask us how to get started!

 

 

 

6 Ways to Improve Employee Cyber Security Awareness, for Businesses and Schools

According to Accenture’s Cost of Cyber Crime Study, the average cost of cyber crime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.

Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.

  1. Education

Do your employees or staff know:

  • Working remotely using an unsecure Wi-Fi connection leaves computers vulnerable to attacks?
  • Using personal, unsecured devices for work can open the door to compromising an organization’s network?
  • What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?

Chances are, some if not all of those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a Phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.

  1. Assign Mandatory Training

Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training.)

You may want to work with an outside partner to implement training, such as Single Path. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.

  1. Establish and Promote Simple Procedures

More often than not, employees are happy to follow procedures as long as they are aware of them, and they are easy understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.

Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly, and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.

  1. Encourage Reporting of Incidents

The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and are embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.

  1. Have Employees Manage Initiatives

Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.

  1. Make Awareness a Part of New-Employee Orientation

Employees expect to learn rules and processes when they start a new job, and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.

Your Employee Cyber Security Awareness Partner

To implement an employee cyber security awareness program it helps to have a proven partner. Single Path has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. Single Path Security offerings are extensive, collaborative and modern.

Ask us how to get started!

Five Top Cyber Security Threats for 2019

Cyber security concerns have been around for as long as there has been cyber-anything. The first computer virus was found infecting computers in the early 1970’s and the first malware author was convicted in 1988. Those early infections were primitive compared to today’s hacking threats, which continue to grow more complex and sophisticated. While it’s vital to be prepared against any contingency, no matter how remote, we consider these to be the top cyber security threats for 2019.

Cryptojacking Rising

Ransomware has grown by 350% according to a report by Dimension Data, and accounts for 7% of all malware. It has been reported that ransomware costs American businesses north of 75 billion dollars a year, with most attacks never publicly disclosed. The biggest increase in ransomware is expected to take the form of Cryptojacking, also known as “Cryptomining malware.” We discussed the problem of Cryptojacking in a recent blog post, in which we described how hackers can hijack computer processing power to mine cryptocurrency. We expect these cyber security threats for 2019 to continue to grow.

Software Subversion Expanding

As Security magazine reports, “While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing.” In other words, the software you download may be infected, giving hackers a back channel into an entire network. Malware has even been detected in open source software libraries. Another variant is this: hackers may offer software that is spelled slightly different than a popular application (such as adding an “s” or leaving out a letter), with the only other difference being the inclusion of malware. So be careful what you download, even if it’s from a seemingly trusted source.

Cybercriminals Uniting

One of the top cyber security threats for 2019 is due to the expanding resources available to cybercriminals. Historically, many cybercriminals have worked alone, or in small groups. That’s starting to change. The proliferation of hacker forums and chat groups have launched a robust black market where cybercriminals buy and exchange malware, botnets and other criminal resources. The availability of these rogue offerings means that even inexperienced, or less able, hackers can launch sophisticated attacks. These “malware-as-a-service” opportunities will only continue to grow, which will result in an increased number of cyberattacks, especially in regards to identity and credit card theft. If you think the threats are numerous now–and they are–an aggressive and nearly overwhelming wave of attacks may be on the horizon.

Synergistic Threats Increasing

GandCrab has been in the news frequently. Discovered in January, GandCrab is a ransomware Trojan horse, encrypting files on a computer and then demanding payment to decrypt them. Just recently, the group behind GandCrab has targeted users visiting adult websites, asking for money to keep silent about their potentially embarrassing visits. This, however, is just a ruse to mask their real intent. When a user clicks on the email link, he or she inadvertently installs the GandCrab ransomware onto his or her computer.

GandCrab has grown to be so large, they are actually soliciting cybercriminals to partner with them. As McAfee reported, “At the end of September, the GandCrab crew started a ‘crypt competition’ on a popular underground forum to find a new crypter service they could partner with.” This will let the GandCrab organization expand its criminal activities in new, unforeseen, ways.

In 2019, many experts, including Security magazine, predicts attackers will continue to combine tactics to create multi-faced, or synergistic, threats. To combat them, organizations will also need to synergize their defenses.

Social Media Misinformation Mounting

The proliferation of Russian-originated Facebook pages influencing the 2016 U.S. presidential elections has been well documented by news sources across the world. So it shouldn’t be a surprise that cybercriminals are eyeing social media as offering rich opportunities for criminal enterprise, with posts and pages displaying an impressive degree of professional-looking design for dishonest purposes. Botnet operators are able to test messaging just like a marketer, including the use of hashtags, to determine the success rates of their misinformation.

Social media platforms are aware of the potential abuse, and are focusing their resources on stopping it, but with so many users, and so much data available on sites, criminals will further focus their resources on these big-scale platforms.

Protect your business from the Cyber Security Threats for 2019

These five cyber security threats for 2019 are just the tip of the iceberg. There are many more threats out there, many of which we may not even be able to imagine yet. The only thing an organization can do is to be prepared with smart, sophisticated technological resources and by adhering to best Internet safety practices. Consider Single Path your partner in anti-crime. Single Path Security Offerings run the gamut from employee training to insider threat solutions. We’ll help you be prepared for the cyber security threats for 2019 and also those still to come.

Ask us how to get started!

The Value of an Emergency Alert System

Emergencies happen, and when they do, the ability to immediately communicate with your team and emergency responders can be critically important. A natural disaster. A weather alert. A gas leak. Or, something darker. Regardless of the problem, having a communication system in place can make the difference between keeping people safe or leaving them in peril, and keeping your data and equipment safe, too.

We recently worked with a major league baseball team and built a reliable emergency alert system for them. With tens of thousands of fans at their games, plus dozens of employees and players, a lack of communication during an emergency could have had severe consequences. Whether your organization has a thousand students spread out over a campus, hundreds of employees on multiple floors, or a dozen coworkers in relatively tight confines, communication could be the key to not only their safety, but your organization’s recovery.

In Case of Emergency

Benefits of an automated Emergency Alert System include:

  • Keeping staff and students safe from large-scale threats (major weather patterns, pandemics, terrorist activity and more)
  • Reducing the spread of misinformation
  • Communicating protocols: Automated alerts can specify exactly what to do in the time of crisis
  • Faster response times: Quicker alerts can save lives, and minimize business disruption
  • Web-based system: Alerts can be sent from anywhere
  • Regulatory compliance: Many organizations have different requirements for emergency mass notifications
  • Acknowledgment receipts: So organizations can be confident recipients understand the threat and know what to do

One System, Many Alerts

We’ve recently started working with Cistera to offer their instant communication system, and we feel acquiring this system, or one like it, should be carefully considered by your organization. Cistera already works with organizations around the globe to help keep customers, employees and students safe. Their supply call recording and emergency alert software provides a number of distinct options and benefits for many different kinds of organizations.

For schools, Cistera is particularly advantageous. Their AlertIT bell schedule, notification broadcast and emergency alert software is an integrated application that lets school administrators provide alerts such as emergency closure or other automated announcements to teachers, parents and students. These alerts can be sent via a customized, set schedule or manually, as needed, in seconds. Alerts can also go out to first responders, such as by making automated 911 calls and communicating with campus security and public safety departments during a crisis to unify action plans.

The Cistera AlertIT system lets you:

  • Lock down your school from a mobile or desk phone
  • Connect with security and first responders in an emergency
  • Deliver on-campus and parent announcements and alerts

We’re your partner in safety

A comprehensive eBook published by nonprofit research organization RAND Corporation titled The Role of Technology in Improving K-12 School Safety lists a number of best practices including the importance of ensuring existing systems work with new technologies, creating a comprehensive hazard plan, and examining possible threats. We can help. At Single Path, we work with school systems, organizations and businesses of all kinds to ensure top safety solutions are in place. Whether we’re helping determine the best options to solve a problem, training staff, enhancing an existing system or starting a new one from scratch, our Security Solutions can help any organization stay safe.

Ask us how to get started!

 

 

 

 

How to Create Your School Cyber-Threat Strategy

Cyber-threats are on the rise in our school districts, which often lack the resources to protect themselves, the training to use the resources they have effectively, and even the knowledge to identify which resources are needed.

We wrote about the cyber-threats facing schools in our last blog post. But these problems are epidemic to school districts across the country. As reported by technology and digital learning news source Edscoop.com, “A recent trend in cybercrime indicates that online attackers are increasingly targeting a demographic they know people will rush to protect: K-12 students.” The article details more than three dozen large-scale breaches of student data from cybercriminals from January through October, 2017.

The risk of a cyberattack will only continue to grow, so establishing a holistic cyber-security strategy is critical. Any strategy should include the following elements. Many of these are highlighted in a recent document published by the Council of the Great City Schools, an organization comprised of 70 of the nation’s largest urban public school systems.

1. Physical Security and End-Point Security

On-premises security isn’t only needed to protect students, but the network and computer devices housed inside the school. Using a school-owned computing device is often the easiest way to get access to confidential information. Data centers and control rooms need be locked and monitored. Classroom or office equipment may also be vulnerable to theft, so modern, video surveillance can be a powerful tool, as is locking away machines when not in use, and carefully tracking equipment and reporting lost devices promptly.

2. Employee Training and Network Security

Your network is only as secure as the staff who uses it; an unsecured password can be all a cybercriminal needs to get into your network and see, abuse or share sensitive information. Employee training for proper security protocols is critical for network security, especially for staff who use personal devices in 1:1 environments.

Monitoring who has access to information is also a critical component of network security. As reported by the online security and risk management magazine CSO, “Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.

3. Application Security

Hackers can also gain access to your systems directly through your software applications. Downloading and installing regular updates and patches are critical, as we reported in a recent blog post detailing a Cisco networking hack that cut off Internet access and infected more than half a million devices. In that case, those who did not download security patches were left considerably more vulnerable. For that reason, your staff should only use software from trusted sources.

4. Cloud/Data Center Security

With schools moving more and more towards cloud-based solutions, the security of their cloud-based data is a critical component to security. We have touched on the advantages of using cloud computing in a number of past blog posts, including “12 Reasons to Move Your Business to the Cloud”. Cloud computing makes accessing information easier, but demands strict security processes and protections. Still, the benefits far exceed the risks (for many of those risks please see our post, “9 Facts to Know About the Risks of Moving to the Cloud and How To Manage Them”) as cloud computing provides significant back-up security should your data be destroyed or become inaccessible due to disasters both natural and hacker-made.

At Single Path, we are well versed at working closely with school districts to determine their vulnerabilities, providing solutions, and even training staff to ensure policies and protocols are understood and followed. We’re always eager to discuss our many products and services, including Security Solutions and all our Managed/Cloud Services. Let us help you chart a more secure and safer path for your organization.

Ask us how to get started!