Recently, schools in Montana and Texas were the victims of a cyberattack in which hackers pilfered the names and phone numbers of students' parents and then sent threatening emails and/or text messages demanding that the hackers be paid a sum of money. Thankfully, none of the aforementioned threats were deemed credible. I can only speculate that the hackers either accessed the schools' student information system or some other internal server to amass such details. This alone should instill in education a sense of urgency about doing more to secure your information systems.
While you may have certain security products in place to protect your assets, their presence may lull you into a false sense of security. Security products are only as good as their configuration, and even then, certain cyberattacks may get past them.
This is the reason why you need to apply “Defense in Depth” principles and build multiple layers of security. For example, most K-12 schools should be able to segment their network and apply access control lists (ACLs) to control internal traffic. There are some sizable schools out there that run everything on one flat network, and others that have segmented their network but didn’t apply any ACLs.
In either case, the result is the same: any system can talk to any other system, which means that once hackers have compromised *any* internal machine, they can attack other internal systems until they have reached their goals.
Which brings us to the next point: one of the most overlooked aspects of cybersecurity in educational institutions is capturing and analyzing logs from firewalls, switches, routers, servers, etc. If you’re not watching your logs, you’re missing your opportunity not only to detect security issues but also to prevent security breaches. Building a centralized system to aggregate and analyze logs can be a daunting task, but the payoff comes when you can detect and remediate security incidents before they become security breaches.
Keep in mind that just because you have outsourced most of your servers or services to a cloud provider doesn’t mean you have any less responsibility to keep tabs on those systems. Hackers have recently been hammering on Microsoft Office 365, trying to brute-force service accounts in hopes of gaining a foothold in your environment.
Here are a handful of questions you should be asking any cloud provider:
- What firewall do you use to protect our information in your cloud?
- Can your firewall detect and stop brute-force and dictionary attacks?
- Can you geo-block our cloud services to the United States?
- Is there an audit log of what user account logs in from what IP address?
- Can user accounts be locked out after a certain number of failed logins?
- Can we receive an email when an account is locked out?
- Can we set password complexity rules for users?
- Can we implement two-factor authentication for certain login accounts?
- Where can I see a log of login attempts to our cloud system?
While cloud services can offer certain benefits to school systems, they also mean you need to be more vigilant, since those systems are now arguably more exposed to outside attacks than they would be in-house.
As a final note, you already have response plans for things like infectious outbreaks, bomb threats, etc., so do you have a written plan for when your school systems are breached? If not, you should strongly consider developing one in order to avoid costly mistakes that can jeopardize any legal investigation.
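The logging point above and the audit-log, lockout and geo-blocking questions can be turned into a simple check over the sign-in log your provider gives you. This is an added example, not part of the original post: it assumes a simplified, constructed log format (`<ISO timestamp> <account> <source IP> <SUCCESS|FAILURE>`) and a constructed IP-prefix-to-country table standing in for a real GeoIP lookup, and it flags accounts that hit a lockout threshold, source IPs that fail against many different accounts (password spraying, the Office 365 pattern mentioned above), and successful logins from outside the allowed country.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # failures per account inside WINDOW
WINDOW = timedelta(minutes=10)
SPRAY_THRESHOLD = 3              # distinct accounts one IP fails against
ALLOWED_COUNTRIES = {"US"}       # the post asks about geo-blocking to the US
GEO = {"203.0.113.": "RO", "198.51.100.": "US"}  # constructed stand-in for GeoIP

# Constructed sample sign-in log: "<ISO timestamp> <account> <source IP> <result>".
SAMPLE_LOG = """\
2018-03-01T08:00:01 svc-backup 203.0.113.7 FAILURE
2018-03-01T08:00:03 svc-backup 203.0.113.7 FAILURE
2018-03-01T08:00:05 svc-backup 203.0.113.7 FAILURE
2018-03-01T08:00:07 svc-backup 203.0.113.7 FAILURE
2018-03-01T08:00:09 svc-backup 203.0.113.7 FAILURE
2018-03-01T08:01:00 jsmith 203.0.113.7 FAILURE
2018-03-01T08:01:02 mjones 203.0.113.7 FAILURE
2018-03-01T08:01:04 mjones 203.0.113.7 SUCCESS
2018-03-01T08:05:00 ateacher 198.51.100.5 SUCCESS
"""

def country_of(ip):
    return next((cc for pfx, cc in GEO.items() if ip.startswith(pfx)), "??")

def analyze(log_text):
    """Return (lockout_candidates, spraying_ips, foreign_successes)."""
    recent_failures = defaultdict(list)   # account -> failure timestamps in WINDOW
    failed_accounts = defaultdict(set)    # source IP -> accounts it failed against
    lockouts, sprayers, foreign = set(), set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, account, ip, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        if result == "FAILURE":
            window = recent_failures[account]
            window.append(ts)
            while ts - window[0] > WINDOW:      # slide: forget old failures
                window.pop(0)
            if len(window) >= LOCKOUT_THRESHOLD:
                lockouts.add(account)
            failed_accounts[ip].add(account)
            if len(failed_accounts[ip]) >= SPRAY_THRESHOLD:
                sprayers.add(ip)
        elif result == "SUCCESS" and country_of(ip) not in ALLOWED_COUNTRIES:
            # Success from outside the allowed region, here right after a spraying run.
            foreign.append((account, ip, country_of(ip)))
    return sorted(lockouts), sorted(sprayers), foreign
```

Running `analyze(SAMPLE_LOG)` flags `svc-backup` for lockout, `203.0.113.7` as a spraying source, and the successful `mjones` login from that same non-US address as the alert to chase first.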