As computer systems become embedded in every aspect of our lives, no one is safe from cyber attacks. Public schools are particularly vulnerable, as they store sensitive data on their students and employees but often lack the training and equipment to adequately defend it. A recent attack against the Morton School District in Illinois demonstrates just how widespread the risk is. It also serves as an example of what school districts should and should not do to prevent and respond to attacks, potentially helping other schools to keep themselves safe in the future:
Analyzing The Attack
On 31 January 2017, Russian hackers used a phishing scam to gain access to sensitive data from the Morton School District in Tazewell County, Illinois. The hackers sent an email claiming to be from Lindsey Hall, the district’s superintendent, requesting information for W2 forms. A staff member responded to the email by sending out the names, social security numbers, and salary information for 400 of the district’s employees. When the employee received another email from that address requesting more information, she became suspicious and contacted the police. Investigators determined that the email had not come from the superintendent, tracing it to Russian servers instead.
Because the district acted quickly, the potential damage from this attack is low. Although the hackers learned the social security numbers of 400 employees, they did not receive their birth dates or addresses, limiting what they can do with those figures. Authorities provided the employees who were affected by tracking applications they could use to analyze unusual activity that involved their social security numbers. Nonetheless, the fact that Russian hackers successfully stole information from an Illinois school district is unsettling, prompting concerns that other schools may be at risk.
In many ways, the Morton School District is a model for how to respond to cyber attacks. The staff quickly identified suspicious activity, contacted the authorities, and took the necessary steps to keep themselves safe. Ideally, however, school districts should never have to respond to the attack in the first place. Districts should maintain the risk of hacking to a minimum by:
intivix offers schools, businesses, and all other San Francisco institutions with valuable cyber security support. For more information on keeping yourself safe, contact firstname.lastname@example.org or (415) 543 1033 today.