Glen Finkel smiled as he stood in front of 75 superintendents, business managers, and technology directors and system administrators.
“One of the reasons we picked October 31st for this event,” the Kent ISD Director of Information Technology said, “is this is kind of scary.”
Those in attendance – primarily from Kent ISD plus a few from Ionia, Montcalm and Muskegon counties – chuckled appreciatively, if not a little nervously.
They’d just heard from presenters at Kent ISD on the ways school districts are vulnerable to cyber attacks, including ransomware.
But, said Finkel, one of the purposes of the workshop was to make things a little less frightening for district leaders, including IT professionals.
“Due to the dramatic increase of ransomware attacks on schools across the state, we wanted to give our school districts an opportunity to hear from industry experts on how to prepare for and respond to this type of cyber attack,” he noted.
“Since effective cybersecurity involves many departments within an organization, we set up this learning opportunity to cover the many perspectives and diverse backgrounds of our audience,” Finkel explained.
‘Why Would Anyone Want to Attack a School’
For Russell Hoorn II, director of technology for Kelloggsville Public Schools, the event provided some good reminders on how life has changed for schools in the two decades he’s worked in K-12 at his alma mater, Kenowa Hills, and the last 15 at Kelloggsville.
“The focus (of cybersecurity) used to be making sure students couldn’t change their grades,” Hoorn said during a break between sessions. He said the workshop underscored how important it is to be vigilant going forward.
“I used to think ‘why would anyone want to attack a school?’ That’s not the case anymore.”
Session speakers made it clear “just why.” Alex Brown with Plante Moran gave the day’s opening talk and his message to attendees was plain.
“What you guys hold,” he said, “is the ‘creme de la creme,’ which is records.”
Brown said that on the dark web – what he referred to as “the Walmart of bad things” – a fully loaded record can be purchased for around $3. Schools, he noted, have lots of fully loaded records, typically where name, address and social security number are all together.
In addition, he said, child records are a prime target for hackers because they are a blank slate – without a lot of history attached to them compared to a data record for an adult.
“That blank slate,” he said, “is a great resource for a lot of bad things.”
In fact, in a 2017 story by DataBreaches.net on children’s records being hacked from pediatricians, it was estimated that the fully loaded patient records of 500,000 children are available on the dark web. DataBreaches estimated another 200,000 records were stolen from elementary schools.
I haven’t had specific training like this,” Hoorn said, “so this is great. “I am interested in the security of our school district. I think we do a pretty good job, but I want to make sure we are following best practices. We don’t want to be a school district in the news because we had to recover something we should have been protecting.”