Why DDoS Security is Critical for your School (and what is DDoS, anyway)?

If you regularly follow our blogs, you’ve read about the dangers of Phishing and Ransomware, but there’s a third method of cybercrime that can be just as damaging: a DDoS attack, or “Distributed Denial of Service.” A DDoS attack occurs when a hacker takes control of thousands of computers and aims traffic at a single server, overwhelming its network to knock it offline or slow it to a crawl. Without appropriate DDoS security protocols, an attack can cause mass and immediate disruption.

EdTech Magazine reports that DDoS attacks “are on the rise. For schools, the attacks can shut down websites, phone systems and prevent users from accessing the internet and applications.” Here are some recent examples of school-related DDoS security issues in recent years,:

  • The Miami-Dade County Public school system was unable to provide online testing for three days after a series of DDoS attacks crippled their new, high-touted computer-based standardized testing system.
  • Minnesota Department of Education twice had to suspend its state testing when a DDoS attack kept students from logging into its online assessment system.
  • The St. Charles, Illinois school district lost online access for employees and all of their 13,000 students. According to a report from eSchool News, “the hackers cut off the entire district’s internet access for four hours at a time and then repeated the process 10 more times over the following six weeks.” Eventually, two students were charged in the attack.
  • Rutgers, Arizona State and University of Georgia have all been victims of recent DDoS attacks. After an attack, Rutgers spent $3 million dollars and raised tuition 2.3% just to upgrade their DDoS security, and then became a DDoS victim again less than a year later.

The Simplicity of a DDoS Attack

Many schools, even those that are on the alert to cyberthreats, may not be paying much attention to their DDoS security. But it doesn’t take a cyber-genius to launch a DDoS attack. You can find relatively simple how-to videos on popular sites such as YouTube. The ease of launching such an attack, combined with inadequate DDoS security, makes this scheme popular with a wide variety of groups as a form of protest, as an act of “revenge,” as a distraction from another cyberattack, or even just for “fun.”

The lack of DDoS security can also harm schools through their vendors or partners. In September of last year, millions of families across 45 states were impacted by a DDoS attack on the app Infinite Campus, which provides a “Parent Portal” allowing parents and students the ability to check grades and other information.

How To Implement Your DDoS Security

Schools have become a target for cybercriminals, accounting for 13 percent of all data breeches in the first half of 2017, which involve nearly two billion student and parent records. But schools can incorporate numerous strategies to increase security, including their DDoS security, such as by switching to cloud networking, monitoring cyber-traffic for abnormal patterns, and adding backup internet service providers to keep networks up and running. School districts can also upgrade their firewall protection and their network architecture. Sounds like a lot of work? It can be.

That’s why Single Path partners with schools to help protect their IT technology from hackers, and to make upgrades and changes as easy and as turnkey as possible. We consult and implement, provide continual monitoring, and can also educate your staff on data security best practices. We also provide a wide variety of Managed/Cloud Services. DDoS security can be challenging, which is why you need a team like Single Path to help protect your organization from harm.

Ask us how to get started!

 

 

 

Cyber Incidents for K-12 are Rising. Is Your Student Data Vulnerable?

Data leaks are becoming so commonplace it seems like we’re almost becoming immune to them. Another ransomware attack on a business. Another virus crippling a network. Another identity theft scam. But then something happens that shakes us up and reminds us … this is not okay. Such as when an attack hits a little too close to home. For example, this—hackers are now specifically targeting schools.

CNN reported that a school district in Montana was forced to shut down more than thirty schools for three days after hackers infiltrated their network. The hackers sent threatening text messages to staff and students. School Superintendent Steve Bradshaw explained, “The messages weren’t pleasant messages. They were ‘splatter kids’ blood in the hallways,’ and things like that.” The messages also included disturbing references to “Sandy Hook.” But the hackers weren’t done. They also demanded up to $150,000 in bitcoin or they would release stolen school records. At least three other states were hit with similar school data extortion attempts.

Malicious hackers are going after schools because of a combination of weak data security and available information that is ripe for exploitation. As schools rush to incorporate technology in their schools, security protocols are sometimes afterthoughts. Vulnerable information can include social security numbers, birth dates, medical records and financial information.

An attack leaves one school district $10,000 poorer

Can your school afford to send ten grand to a hacker? Leominster Public School district officials recently had to ask themselves that question. A hacker attack left this Worcester County, Massachusetts school district unable to access email, health services, food services, library services, help desk and file services, backup services and more. The attackers demanded $10,000 to decrypt the files. Despite FBI warnings to never pay ransomware, the district felt they had little choice but to pay up. “If we had not used the option of paying the ransom for the decryption of our files, we would most assuredly be in for a much longer recovery at a much higher cost,” said Leominster Superintendent of Schools Paula Deacon. “In the case of one of the file servers, there were over 237,000 files which were encrypted, covering all departments in Central Office.”

According to an article in the Leominster Champion newspaper, the school is now making changes to their network to remove vulnerabilities including replacing old computers. The cost of this overhaul? More than $435,000. 

It’s a bigger problem than you think

How many school cyber incidents do you think have occurred in the last two years? Ten? Twenty? Try more than 330 (and growing)! In an attempt to categorize, defend and combat these threats, EdTech Securities has published a map that includes all manner of school-related cyberattacks including data breaches, phishing attacks and “other occurrences that lead to school and personal information being exposed.”

Check out the Interactive Map

The amount of exposure and consequences of those incidents vary widely. The Wall Street Journal recently reported on a number of cyber incidents including: 

  • Hackers in Iowa’s Johnston Community School District released school and parent information along with threats to kill the children. A hacker claimed the information was released to help child predators.
  • Hackers stole $56,000 worth of paychecks being sent via direct deposit to Atlanta Public School employees
  • Hackers stole $75,000 from employees of the Fulton County School district in Georgia

One state gets ahead

Many school districts are realizing the threats of a cyberattack are all too real, and are proactively working to protect themselves. Schools in Indiana are leading the way. As reported by Indiana Public Media, the Indiana Department of Education has targeted thousands of dollars in cyber funding for certain schools. Schools can apply for matching grants of up to $25,000 to build up their cybersecurity systems and improve 24-hour system monitoring. Says Chief Technology Officer John Keller, “Cybersecurity is a layered concern that goes across really all sectors. I mean, it’s not just a teacher thing or a school administrator thing, it’s our students, our staff.”

What you can do

Waiting until a cyberattack hits can be costly to schools and devastating to the families or staff whose information is breached. Fortunately, there are many resources available. For example, the U.S. Department of Education provides a number of cyber-resources and documents related to Security Best Practices, from a Data Breach Response Training Kit to a Data Security Checklist. But it can be daunting to read and figure out exactly what you need to do, especially without a partner to help guide you.

At Single Path, we work with schools across the country to help them uncover and tighten up weaknesses, implement security measures, and create recovery plans if the worst happens. We can help overhaul your entire system, as we did for Great Lakes Academy in Chicago, provide training like we did for Saint Anne Parish School in Barrington, Illinois, and offer any or all of a full range of security offerings.

Ask us how to get started!

 

School Technology Resources: The Four Things Superintendents Need to Know

school-technology
The vision, a path to get there, and the tools and encouragement to reach it—the superintendent’s leadership is critical in defining all those and more, and nowhere is this more evident than in defining the district’s school technology initiatives. Whether these tasks are delegated to a team, an individual, or even taken on by the superintendent himself or herself, the importance of these tasks cannot be underestimated. And the time to act is now. According to Forbes Magazine, a recent survey by TES Global showed 96% of teachers reported that technology made a significant impact in the classroom.

Education technology is a growing part of any superintendent’s role, but with this responsibility comes not only the excitement of possibility, but also trepidation. There is a lot to tackle, and the learning curve can be long. But if the superintendent understands the following four key elements, he or she can navigate even the rockiest technology waters effectively.

  1. Define Goals

It’s tempting to want to just jump onto the technology bandwagon, but look before you leap: you have to know where that wagon is headed. There are just too many different options out there! Before taking the leap to enhance school technology, the superintendent needs to look at the landscape and figure out not only what technology, but also why the technology. Start with the objective you want to achieve, whether it’s individualized student instruction, augmenting teacher-parent communication, facilitating resource sharing, or all the above.

According to a post by the Center for Digital Education, schools should, at minimum, strive to meet these five technology goals:

  • Make learning engaging and individualized
  • Measure student progress against college and career ready standards
  • Connect teachers to tools and individuals who can help them become effective
  • Provide broadband connectivity for students
  • Use technology to become more productive, improve student learning and manage costs
  1. Create the Right Team

This isn’t a one-person job. Ensuring the right team is in place is critical for successful technology implementation. As we wrote in our blog post, 5 Ways To Keep Your Teachers and Staff Up-to-Date on Technology, the support team should be flexible and available to train others on any new tool. Your Tech Team can consist of teachers, administrators and support staff. But whoever is chosen, they must be accessible, eager and part of making the decisions that matter. An empowered team is a more effective one.

  1. Proper Training

Just like there are a wide range of technology options, there is a wide range of your staff’s comfort in using them. Some staff members may pick up technology quickly, while others may need a more time-consuming helping hand. But everyone who will be using the technology needs to understand it properly. Technology without proper training is like giving a student a textbook without instructions or lesson plans!

With so many tools out there, each one that is incorporated into curriculum, or into the daily learning environment of the classroom, is doomed to fail without a mastery of expectations and instructions. The right team will go a long way in ensuring proper professional development.

  1. Measure Success

Technology should constantly be examined to ensure it’s meeting expectations. In our recent blog post, The Four Main Steps When Choosing Technology For Your School, we referred to an article on ISTE.org, which stressed how leaders need to continually assess how effectively the technology is being applied. Regular evaluation of how the technology is impacting student assessment and achievement is vital, as is continuously ensuring teachers are successfully applying the technology. Without defining clear metrics to measure success, there will be no way to gauge whether the technology is meeting expectations.

While the potential of EdTech is enormous, it is also daunting. But with the proper leadership and expectations, schools can quickly embrace, master and thrive with the new resources at their disposal. It all starts from the top. And with the superintendent’s blessing, understanding and encouragement, schools are likely to see significant benefits.

At Single Path, we work closely with school districts, top to bottom, to provide custom IT solutions for K-12 schools and districts. We help them understand the technology options, choose the right ones, master them, and ensure the team is using them to maximum benefit. We’re not just an IT resource, but a true collaborative and consulting partner providing expert advice, analysis of your needs, access to cutting-edge technology and assisting in its implementation and ongoing service and support.

Ask us how to get started!