Protecting cyber security in schools: ‘This is kind of scary’

Glen Finkel, director of information technology at Kent ISD, organized the October 31 cyber security event

Glen Finkel smiled as he stood in front of 75 superintendents, business managers, and technology directors and system administrators.

“One of the reasons we picked October 31st for this event,” the Kent ISD Director of Information Technology said, “is this is kind of scary.”

Those in attendance – primarily from Kent ISD plus a few from Ionia, Montcalm and Muskegon counties – chuckled appreciatively, if not a little nervously.

They’d just heard from presenters at Kent ISD on the ways school districts are vulnerable to cyber attacks, including ransomware.

Scary, indeed.

But, said Finkel, one of the purposes of the workshop was to make things a little less frightening for district leaders, including IT professionals.

“Due to the dramatic increase of ransomware attacks on schools across the state, we wanted to give our school districts an opportunity to hear from industry experts on how to prepare for and respond to this type of cyber attack,” he noted. 

“Since effective cybersecurity involves many departments within an organization, we set up this learning opportunity to cover the many perspectives and diverse backgrounds of our audience,” Finkel explained.   

Russell Hoorn II, director of technology for Kelloggsville Public Schools, and Terri Ricketson, director of business services, participated in the workshop

‘Why Would Anyone Want to Attack a School’

For Russell Hoorn II, director of technology for Kelloggsville Public Schools, the event provided some good reminders on how life has changed for schools in the two decades he’s worked in K-12 at his alma mater, Kenowa Hills, and the last 15 at Kelloggsville. 

“The focus (of cybersecurity) used to be making sure students couldn’t change their grades,” Hoorn said during a break between sessions. He said the workshop underscored how important it is to be vigilant going forward.

“I used to think ‘why would anyone want to attack a school?’ That’s not the case anymore.”

Session speakers made it clear “just why.” Alex Brown with Plante Moran gave the day’s opening talk and his message to attendees was plain.

“What you guys hold,” he said, “is the ‘creme de la creme,’ which is records.”

Brown said that on the dark web – what he referred to as “the Walmart of bad things” – a fully loaded record can be purchased for around $3. Schools, he noted, have lots of fully loaded records, typically where name, address and social security number are all together. 

In addition, he said, child records are a prime target for hackers because they are a blank slate – without a lot of history attached to them compared to a data record for an adult. 

“That blank slate,” he said, “is a great resource for a lot of bad things.”

In fact, in a 2017 story by DataBreaches.net on children’s records being hacked from pediatricians, it was estimated that the fully loaded patient records of 500,000 children are available on the dark web. DataBreaches estimated another 200,000 records were stolen from elementary schools.

I haven’t had specific training like this,” Hoorn said, “so this is great. “I am interested in the security of our school district. I think we do a pretty good job, but I want to make sure we are following best practices. We don’t want to be a school district in the news because we had to recover something we should have been protecting.”

CONNECT

500 schools hit by ransomware in 2019

Lansing hit by ransomware attack

Ransomware attacks in Northern Michigan

A room full of Kent ISD employees at the start of a cyber security event on ransomware
- Sponsorship -
Phil de Haan
Phil de Haan hails from Exeter, Ontario, but has called Grand Rapids home since 1985. He is the son of a longtime public school teacher who taught both English and machine shop! Phil took both classes at South Huron District High School, but English stuck, and at Calvin College, where he met his wife, Sue, he majored in English and minored in journalism. His background includes both freelance writing and public relations work, including teaching an advertising and PR course at the college level. In the summer of 2019, he began his own freelance writing and communications business. In his spare time, Phil plays pick-up hockey and pickleball and tries to keep tabs on his two adult children. Read Phil's full bio or email Phil.

LEAVE A REPLY

Please enter your comment!
Please enter your name here