Request a Proposal

Schools under cyber attack

School computers are under attack, from students manipulating grades — to full-blown cyber gang torture.

But parents can do something to help protect their children.

Watch here:

Kids use technology in school like never before.

In April, attackers turned technology against them at the school district in Leominster, Massachusetts.

They locked up files on district computers with ransomware and demanded money to set the files free. 

Posts online show chaos.

E-mail down, part of the schools’ website — nonfunctional.

The electronic lunch payment system went belly up. 

Leominster Public Schools agreed to pay the ransom of $10,000 in Bitcoin, bringing anger and jeers from some in the community.

Attackers have hit other schools, too, in New Jersey, Georgia, South CarolinaMississippi, MaineIllinoisMinnesotaOklahomaMontanaCalifornia, Oregon and more.

Facebook users chided Leominster Public Schools for paying the $10,000 ransom to cyber attackers. Image credit: Facebook

Your school

What about your child’s school — are the computers safe?

“I would answer yes, because I don’t think about it, so it’s not something that’s a high concern for me,” an Oregon parent told Archer News.

For many parents — and kids — the answer is a hopeful yes.

“Because we use them every day?” responded a third-grade boy. “I think our computers are safe because our principal checks them every day and night for scams.”

But experts say we can’t rely on hope to protect our children.

Thirty schools in Montana, including Glacier Gateway Elementary, shut down after a cyber attack & threats in September 2017. Image credit: Glacier Gateway Elementary, Facebook

“Why should parents care?”

Dave Lewis of security company Akamai says some crooks want to not only lock up your kids’ data, but also take it for their own.

Your school is like a bank, rich with valuable info about your child.

“Much in the same way as your financial institution, you expect them to have due care when they take care of your data,” Lewis told Archer News. “You want to make sure that due care is being taken with your children’s data as well, because could affect their future in the long term.”

Treasure trove

How much info could a school have about your child?

Not just name and grades, but date of birth, home address, parents’ names, even Social Security Number, medical issues and psychological issues — all very useful for crooks.

“Once criminals are able to obtain this sensitive data, they may gain access to additional information from public sites — e.g. social media pages— to create a footprint or portfolio of this individual, as well as family members and associates,” said Chris Simpson, Director of the National University Center for Cybersecurity.

“Basically, a criminal can weave a web of information based on gathering data of one person,” he said to Archer News.

Leominster parents said they hoped the district was improving security after the attack.

Kids’ data 

How is the school protecting your child’s data?

Can someone hack into the network and take it?

If so, they can sell it or use it to create a profile of your child.

They can create a credit account in your child’s name and rack up charges.

In some cases, they’ve bought cars and houses with a child’s credit — and parents didn’t find out until it was time for their kids to get jobs or file for student loans.

“Parents should think about cybersecurity in every aspect of their lives,” said Travis Smith with security company Tripwire.

“Schools especially because they typically don’t have the funding that other places have, so their cybersecurity practices might be lacking,” he said.

And schools may be a growing target.

Glacier Gateway Elementary in Montana reported threats after a cyber attack in September 2017.

Target: schools

A survey in 2015 showed 1 out of 5 parents reported getting notice of a data breach at their child’s school, according to the National Cyber Security Alliance and ESET.

In 2016, reports of ransomware attacks at schools exploded.

In 2017, an online group tortured schools in three states, Texas, Iowa and Montana, not only stealing children’s info, but also sending out threatening messages.

“I’m going to kill some kids at your son’s high school,” said one.

“Splatter kids’ blood in the hallways,” said another.

The Dark Overlord group said it hacked school networks and then sent threatening messages in October 2017. Image credit: KCCI

School warning

The U.S. Department of Education warned schools last fall to do security audits, train staff on data security, and make sure attackers can’t get to kids’ sensitive data.

Have schools followed through?

It’s time, experts say, for parents to ask about school security.

“The first question I would ask is, ‘What are you using and what practices do you have to make sure that that data doesn’t get leaked?’” said Smith.

You can also ask things like this, Simpson said:

—Do the schools monitor for attacks? 

—The National Institute of Standards and Technology provides security guidelines. Are the schools following NIST or other standards for school security?

—Do the schools have a data breach response plan, in case the bad guys get through?

“You have to advocate on the part of your kids,” said Lewis. “You have to ask the questions. You go to your school. You go to the school board, school trustees.”

Schools in the Johnston Community School District in Iowa shut down after a cyber attack & threats. Image credit: Horizon Elementary PTO, Facebook

Asking questions

Some kids are aware that there could be danger. 

“Do you think that the computers are your school are safe?” a parent asked their child, a fifth-grade girl.

“Yes, because, well, they have everything secure and figured out and are keeping us safe from the bad things on the computer,” she answered. “But no, because they’re still figuring out some things that keep happening and are bad and not great.”

Threats from the Dark Overlord group to Montana schools.

In an age where a cyber gang can terrorize schools from afar, freeze school computers and cause chaos, and even drag down a child’s credit history for years to come, asking questions could save your child’s future.

“As a parent, you want to know. As a school, you want to make sure you’re doing that so you don’t have to have the uncomfortable conversation with the parents later,” said Lewis. 

“And don’t be afraid to ask the questions, because these are questions that people should be asking,” he added.

You may say, ‘Well, I’ll just wait for next fall to ask.’

Experts say that’s too late — schools will have already made their technology decisions. 

Ask now, and your kids could be more secure when school starts up again. 

Here’s a list of questions you can ask:

—Do the schools monitor for attacks?

—The National Institute of Standards and Technology, or NIST, provides cybersecurity guidelines. Are schools following standard practices for cybersecurity? 

—Do the schools have a data breach response plan, in case the bad guys get through?

—Do they limit who can access your child’s sensitive data online?

—Do they encrypt data when it is stored and when it is being transmitted?

—Do they do routine security audits and assessments?

—Do they do security awareness training for staff and students?

—Do they limit Internet access to only sites that are known to be “good/safe”?

—Do they limit or prohibit the use of personally-owned IT devices on school systems?

Source:

Chris Simpson

Director of the National University Center for Cybersecurity

Main image: Kids at a school computer lab. Image credit: Tomasz_Mikolajczyk

LEAVE A COMMENT

This site uses Akismet to reduce spam. Learn how your comment data is processed.