March 11, 2016
While cybercrimes and data breaches seem to flood the news cycle every year, we rarely hear anything beyond the same old story. A shadowy group of hackers penetrated a bank, a website, a university, or a business and stole personal information to be sold later on the black market. In most of these situations, the target is a database of accounts with credit card information.
Yet, governmental organizations, such as K-12 education, are also at risk of similar attacks. These schools may not have credit card numbers on file, but they do have other sensitive data and pressure points to leverage. As an example of the latter, the Swedesboro-Woolwich school district, in New Jersey, was hacked and nearly extorted for the equivalent of $128,000. The district decided not to give in to the demands and was instead forced to rebuild their system over a period of two weeks.
In another example of cybercrime threat in K-12, coincidentally in New Jersey as well, student names, addresses, phone numbers, date of births, and possibly even social security numbers were lifted from the Sherman Avenue charter school. Whether a school or a bank, nearly every organization’s computer system has some valuable information to be exploited.
The Two Sides of Cyber Security: Network Security and User Awareness
An organization, particularly K-12 education, is vulnerable in two general areas—the network and the user. Without addressing both of these areas, a school district can still be open to attacks.
Develop a Security Awareness Program at the School
Schools have the unique dynamic. On the one hand, there are a lot of internet users on a single network. One the other, these students don’t necessarily have the same level of ownership or personal responsibility attached to these accounts. User error and weak passwords are two of the most common factors leading to breaches. Develop a security awareness program to address oversights like this and educate the students and faculty on the importance of adhering to security policies.
Topics to cover:
- Password best practices: The term “password” has become outdated with the increase of security threats. Hackers can employ computer programs that attempt thousands of password combinations over and over again. If a user’s password is truly a “word” with a few numbers, it won’t supply much security against a hacker worth their salt. Instead, stress the importance of “passphrases.”
- Device security: Cover the basics of responsible device use on the internet. Identify the importance of firewalls and how to navigate the internet without falling victim to the usual pitfalls.
- Sharing Data with Outside Parties: Data is everywhere and there have never been more ways to transmit it from one device to another. Define a policy for sharing data using cloud storage services like Google Docs or Dropbox and cover the common phishing scams used to dupe people into sharing sensitive data.
- Use of Mobile Technology: Mobility, and the prevalence of mobile devices, adds a new element to the question of security. Rather than making this its own section of your program, remain aware that much of the time these students will spend using devices will be on a phone or tablet.
- Ethics and Consequences of Illegal Hacking: Hacking has an allure to it and has been romanticized in film and television since the concept arose. Describe the ethical implications in hacking and the legal consequences for cybercrime to dispel any romantic notions students may have. However, there is an alternative, and it relates directly to our next section.
White Hat Hackers: Fighting Fire with Fire Fight Cybercrime Threat in K-12
Sun Tzu’s The Art of War reads, “Know your enemy and know yourself, find naught in fear for 100 battles.” In cyber security terms that means that you must know where your own weaknesses lie and the ways in which a hacker will exploit them. To do that, one option is to recruit the services of a white hat hacker.
A white hat hacker is precisely what it sounds like. This is a person who utilizes all the same skills and techniques as a criminal hacker but uses this knowledge to legally test the security of business clients. Companies or organizations will hire a white hat hacker to discover the flaws in their security system and provide recommendations as to how to correct them.
Often, these services take one of two forms:
- Penetration Test: A penetration test is when a white hat hacker is hired to breach the security system in every way they can and provide a detailed report describing how it was done and how to stop someone else from doing the same.
- Bug Bounty: An alternative approach is to create a bug bounty. This is an open call for white hat hackers or a specific request from a group of hackers to find a way into the system. Payment will then be doled out on a per-bug basis.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
For Further Reading