Ransomware can burn down a school system’s IT function in an instant. You can be locked out of what is yours and be asked to pay $1 million to get it back. Shady characters knock at the door of K-12 facilities because many schools, specifically public schools, do not have the top end resources for cyber defense.
Armor, a security company, reported 500 cases of ransomware attacks on schools the first nine months of 2019.
As Executive Director for Information Services for the City Schools of Decatur (Georgia), Eston Melton is tasked with overseeing an independent public school district on the outskirts of Atlanta that includes nine schools: one early childhood learning center, five K-2 primary lower elementary schools, two 3rd-5th grade upper elementary schools, one middle school and one high school. In total, there are approximately 5,700 students in Melton’s stead.
One of the key items on his agenda is to protect their safety—inside and out. That means blocking multiple doors, front and back, which he calls “defense in depth.” Melton says protections also must be built into email, individual computers and firewalls that monitor and can limit traffic by geography, or by the protocol being used to exchange information. Lately, the cleverest of the criminals is launching spear-phishing attacks on employees with emails that look authentic.
Some of the best security, Melton says, is training K-12 employees on what to look for in the spear-phishing. Another key component of a secure system is that access to information should be limited to what people need to do their jobs.
Meria Carstarphen believes that technology in schools has to keep pace with today’s cyber criminals. As superintendent of Atlanta Public Schools (APS), she leads the district’s nearly 52,000 students, 6,000 full-time employees and 87 schools, and oversees the system’s $1 billion annual budget. Before coming to Atlanta, she worked as a superintendent in diverse, major metropolitan public school districts like Austin, Texas, and Saint Paul, Minnesota.
From what her experience has taught her, artificial intelligence (AI) is a tool of choice. “There is a move toward the use of AI and machine learning in technology solutions. This significantly enhances the capability of systems and allows them to become better over time as they ‘learn’ your environment.”
Atlanta Public Schools has a host of defensive strategies in cyber warfare, such as randomized administrator passwords (LAPS), implementation of a non-traditional antivirus solution (Cylance), and making strategic changes to segment students from accessing staff networks and systems.
But for public schools, funding can be an issue. With corporations, if there is not a solution in-house for a cyber-related challenge, they can turn to outsourcing. But that is expensive and beyond the budgets of some school systems.
“Outsourcing gives the district some more flexibility to find top talent in specific technologies,” Carstarphen says. “Outsourcing, of course, is very expensive. APS uses a hybrid approach. We have a small security team, but use external vendors to support our needs.”
The problem is that most organizations, including school districts, do not invest significantly in cyber security until after a breach has occurred. “K-12 CTOs are incredibly mindful about the importance of investing and advocating for resources when it comes to cyber security,” Melton says. “We need to make every dollar count. So when you do have limited resources, compared to IBM, then we need to be really mindful that we’re putting as much as we can into ensuring a safe data environment.”
Click Here to Read More
Subscribe to EnvisionED K-12 Magazine
EnvisionED K-12 Magazine is a community-focused content platform for K-12 business officers featuring inspiring stories, new ideas and useful insights shared by your peers.
Subscribe to the digital platform to be among the first to receive updates when new articles and relevant information are available!
Visit EnvisionED K-12 Magazine and subscribe today!
Sponsor Content