Title 1, Large district, Urban, 9-12
Happy 2022! Before our winter break, I received an email to upgrade an application on my school-issued laptop. This seemed suspicious since updates had happened automatically for the last five years when I connected to our network. Rereading the email, I visualized a decision map and contemplated my course of action. After this analysis, I decided to delete the email. My conclusion was sound as, minutes later, I received a follow-up email from our county technology department that the update email had been a security test. I passed!
My celebration, however, was short-lived. About a week later, another email alerted me that I had a voice mail on my desk phone. This is not unusual as our phone system is synched with our email, so we can listen to messages anywhere. Despite the email looking different from previous notices (did they go through an upgrade?) I clicked on play to hear the news. Unfortunately, this was not a good move as a message appeared stating this was another test from our friends in technology. The follow-up email this time notified me that I would have fallen victim to ransomware. Because of my failure, some additional training was required.
These scenarios represent the most common types of security breaches plaguing schools today. With the number of devices used by teachers, students, and support staff, the “numbers game” is an attractive endeavor for malware phishing attempts. The endgame of these attacks varies. They include gaining unauthorized access to information or systems, depriving users of access to information, extorting money, and disrupting operations.
Technology security is a legitimate concern. Unfortunately, despite school systems taking steps to protect many ways, systems remain vulnerable, and staff is not fully informed. As you approach a school to discuss their current level of security, be sure to ask about these measures so you can better assess their practices and strategize your support.
Staff training: To what extent does this exist?
- Is it mandatory? How is it delivered, and how often?
- Tech assessment: Are technology applications used in the class assessed for security risks? Any tool that involves a student log-in should garner special attention.
- Hardware updates: How do updates occur, and how does staff know about these?
- Passwords: How often are these updated for students and staff? How many passwords do students have?
- Support Staff: How big is the tech security team? How are they updated? What processes exist, and how fluid are they?
As someone whose personal information was stolen due to a successful malware attack, I am keenly aware of the vulnerabilities. But despite this heightened vigilance, I was still caught off guard by a systems test. Their reactions surprised me when sharing this experience with colleagues in other states and schools. They expressed that they had no similar difficulty, weren’t aware of any training they had taken, and doubted that much was being done to prevent this. Schools need help. Be sure to know what they have in place, share what the risks are, and have the solutions at hand.
Listening, customizing, implementing, and troubleshooting. Those are the key differentiators that set Agile apart from the competitors—interested in learning more? Contact us directly today.