Now more than ever we must train our district personnel on good cyber-hygiene. I remember when serving as Director of Network Operations and then CIO some years ago, sending out the quarterly email reminding all employees to not open suspicious emails, and to never ever respond to work emails requesting personal information – under any circumstances. Although that warning always did some good, we inevitably encountered that small percentage of employees who did not heed the warning. Back then, the impact to those compromised employees might have been email spoofing, and my personal computing and support staff having to visit and clean their machine. Today, however, the risks are much greater.
Now, it only takes one compromised device to introduce highly evasive and signature-less malware infections onto a network. Well beyond email spoofing, today’s cyber-attacks include spear phishing, ransomware, data exfiltration (think LMS and Student Information Systems) and denial-of-service attacks. That is why I firmly believe that we must take a stand against the cyber risks we face every day as we move to a more open network posture by training our employees!
The fact is our districts rely on teachers and staff to educate our kids and to be there to help them as they grow. However in a recent hearing before the House Committee on Education “Protecting Privacy, Promoting Data Security: Exploring How Schools and States Keep Data Safe” a panel of security experts – including some of my colleagues – identified accidental online errors by school staff as the main threat to protecting schools.
As we know, schools are highly attractive targets for hackers who consider school networks data-rich environments, rife with Social Security numbers, medical information and test scores. In some cases, our students’ identities are compromised before they graduate from middle school. During the recent hearing on Capitol Hill, experts stated that they have seen an 85 percent increase in phishing attacks over the past year in some states.
The fact is, districts must establish increased education and a heightened level of awareness for teachers if we are to significantly reduce phishing attempts and the tremendous impact their exploits produce. Cyber-hygiene training can make a real difference, yet many districts have not embraced this solution. In addition, when coupling the lack of training with insufficient threat management and intelligence technology, it is no wonder that the 2016 Verizon security report cited K-12 education as the second most vulnerable sector following healthcare.
Here at iboss we are convinced the combination of cyber-hygiene training and cybersecurity technology built to protect the most complex and regulated sectors – including finance and banking – is the footing all school districts must consider. That is why iboss serves as National Mission Sponsors for the National Advisory Council on Cybersecurity, www.naccedu.org , and why we believe our cybersecurity technology leads the pack across the K-12 sector: We like to say our solution is built for the enterprise, and tuned for K-12
Please visit me and other members of the iboss team at booth# 427 at the upcoming Gartner Security Summit June 4-7th
Richard Quinones has spent over 20 years taking on important IT leadership roles at the county, state and national levels. His past experience includes being appointed Los Angeles County’s first chief education technology officer, where he led the delivery of IT services across 80 school districts and five community colleges. He was also appointed senior IT advisor to the National Advisory Council on Education Technology (NACET), and commissioned to advance the roll-out of the U.S. President’s National Public Schools Broadband Initiative. He has also served as senior technology advisor to Los Angeles Unified School District officials, including the office of the chief information officer, and chief executive officer of strategic planning and digital innovation. Richard holds a master’s degree in public administration with an emphasis in e-government from University of La Verne.