Page 17 - The Edge - Spring 2021
P. 17

Tips on Minimizing the Possibility of a Cyber Attack

        CONTINUED FROM PAGE 15



        “The  moment  you  fall  for  that,  you  have  exposed   “There  will  be  life  after  COVID.
        protected  data,”  she  said.  “Every  email  needs  to  be
        looked at with a critical eye.”                         What will it look like?” – John Gay

        Other cyber attacks include spear phishing, which target     Gay, also with Peoria Unified, said he and Myers prefer
        top  officials;  pharming,  in  which  a  virus  or  malicious   the term cyber resilience rather than cyber security –
        software is loaded onto the victim’s computer, trying to   what  steps  are  taken  to  recover  from  an  attack.  The
        capture user names and passwords; and spoofing, which   amount of education-related data is soaring on a daily
        describes  fraudulent  email  activity  with  the  sender’s   basis,  including  how  to  measure  student  improvement
        address  or  other  parts  of  the  email  header  altered  to   and  learning-loss  during  the  pandemic,  grant  fund
        appear legitimate.                                      audits, and employee scheduling and staffing issues, he
                                                                said.
        And  then  there’s  ransomware,  a  type  of  malicious
        software designed to block access to a computer system   Gay emphasized that effective programs regarding data
        until  a  ransom  is  paid.  An  employee  who  innocently   asset  management  begin  with  sound  policy  from  the
        clicks  on  link  or  attachment  can  launch  ransomware,   Governing Board. The Governing Board must recognize
        Myers said. The latest forecast is for global ransomware   that data and information are the school district’s most
        damage costs to reach $20 billion this year, which is 57   valuable  assets.  Therefore,  to  ensure  safe  use,  Gay
        times more than it was in 2015.                         said,  the  Governing  Board  directs  “the  superintendent
        Cyber  security  is  defined  as  measures  taken,  such  as   to  create  a  comprehensive  data  management  security
        policies,  practices,  training  and  equipment  installed   program  –  it  all  starts  with  positive  and  effective
        to  protect  assets,  including  data,  information,  privacy,   leadership at all levels.”
        networks,  computers  and  servers,  from  unauthorized
        use, theft, exploitation, corruption, destruction or denial   There is an obvious need for internal controls to manage
        of use.                                                 finances,  Gay  said,  adding,  “Those  same  kinds  of
                                                                protections are needed to manage data assets.”
        Myers  advised:  “Do  not  reply  to  emails  or  click  on
        links  in  emails  from  unknown  sources,  and  do  not   To  create  a  healthy  data  culture,  Gay  recommended
        open  attachments  in  unsolicited  emails.  If  you  believe   implementing  data  literacy  training;  think  of  ways  to
        you  have  responded  to  a  fraudulent  email  or  provided   increase  access  to  data  without  violating  privacy  and
        personal  or  district  information,  let  your  supervisor   security concerns; work directly on common vocabulary,
        know. The IMT Department should also be notified. And   metadata,  and  reference  data  management  using  the
        do not share your password with other staff or have it   same terms to minimize misunderstanding; and consider
        written down where can be seen on your desk.”           acquiring outside consulting expertise.
        It was also recommended to encrypt emails with sensitive
        data, and forward suspicious emails to an abuse website.  Questions  Gay  suggested  to  consider:  How  do  I  do
                                                                internet  content  building  when  the  kids  are  at  home,
        Myers mentioned several ways to improve cyber security,   and  how  do  I  make  sure  that  our  staff  is  protecting
        including, replace weak passwords; conduct courses on   themselves and protecting the data they are using while
        the latest cyber security techniques; realize you may get   at home, using a personal laptop, for example.
        phishing  emails  every  week;  and  if  you  use  your  own
        devices at home that greatly expands the potential for a   “There will be life after COVID,” Gay said. “What will
        cyber attack.                                           it look like? Do we need to use data to inform how we
                                                                reinvent what public education looks like?”
        Cyber security is truly an entirely defensive endeavor,
        AASBO members were told. It addresses protection, but   John  Gay  can  be  reached  at:  jgay@pusd11.net  or  (623)  486-6071
        not necessarily response and recovery.  School districts
        are notorious for having mountains of paper, and people   Michelle  Myers  can  be  reached  at:  mmyers@pusd11.net  or
                                                                (623) 486-6033
        are weakest links.




                                                                                                                 17
   12   13   14   15   16   17   18   19   20   21   22