0
0
PowerSchool, a service used at NS for grades and attendance marking among many other things, published a statement on Jan. 7 informing its customers that their Student Information Services had a major security breach which resulted in many of its customers’ personal data being compromised.
“[NS was] not involved in the PowerSchool breach because we don’t have a direct connection to PowerSchool,” NS systems engineer Enoch Brown said. “We host our own, and it doesn’t have a direct connection back to them.”
According to an article from Security Week, this affected school districts worldwide and affected the data of enrolled students and educators as far back as 1985.
“Fortunately we weren’t involved in that breach,” Brown said. “But when you talk about 10,000 districts worldwide, that’s massive.”
An attack similar to this was performed on Clark County School District in Nevada.
“They got student passwords and just traversed their Google directory and just escalated privileges,” Brown said. “They just moved around until they had total access to their whole domain.”
The same hacking group that hacked into systems in Clark County School District also attacked districts in close proximity to NS. NS technology administrators have taken action to protect NS from these attacks.
“We were the first in the region to turn on multi-factor authentication for our staff,” Brown said. “That’s why PowerSchool has a Google authentication.”
Students at NS may have also noticed, in the past two years, that there is not an autofill feature for email addresses within the district unless you have already sent an email to that email address, unlike years prior. While this measure was taken before these specific attacks happened, this is another security measure taken by NS technology administrators to counter these cyberattacks.
“[NS technology administration] is annoying, but I think we are annoying to everyone’s benefit,” Brown said. “It was such a convenient thing, but it was so convenient that it made us vulnerable.”
In order to avoid your data being compromised, Brown and instructional coach Dax Higgins both suggest the use of a password manager that will set strong passwords that you as the account owner don’t even know yourself.
“Passwords should not be known by humans except for the ones that we absolutely have to know,” Brown said.
Brown also warns against the increase in phishing schemes, warning all students to be incredibly cautious of things like attachments in emails.
“Phishing is the biggest way into a network,” Brown said. “If you get an email that you are not expecting and it has an attachment, don’t open the attachment.”
In the event that you do receive an unexpected email with an attachment that you think might be okay, Brown suggests contacting whoever sent you the email through some other form of contact to ask them about what is in the attachment and why they sent it.
Junior Liam Andersen warns fellow students to be especially careful with their information on social media or social gaming platforms.
“Anything that involves any social aspect,” Andersen said, “social media especially [will require heightened security measures], so you don’t get hacked… and you don’t get doxxed.”
Andersen suggests changing your humanly known passwords frequently and seldom using your real information.
“You gotta just sorta pick and choose and use your head,” Andersen said. “There are some situations where it is okay to give out [certain] personal information although they are very few and far between. So really you’ve just got to use your common sense.”
With so many cyberattacks being launched directly at school districts, some begin to wonder why schools are such a target for these attacks.
“I think schools are a huge target because [students] are people who haven’t developed a credit line yet,” Higgins said. “They haven’t had any reason to take out a mortgage or get a loan on a car or even pay for college yet.”
School districts hold the data of thousands of people who are vulnerable to identity theft making it easy for someone to assume their identity for nefarious purposes.
“If you can get somebody’s account who is a student you could potentially mess up their life before they go apply for anything and realize that it has been messed up,” Higgins said. “It not only buys [criminals] a clean slate, but it also allows for more time before they potentially get caught.”
While Higgins isn’t concerned with NS students’ data being compromised, he feels that many students don’t understand just how easy and dangerous compromising their data might be.
“It’s just that students are so casual with their passwords,” Higgins said. “They trust their friends and things like that. I think they just don’t understand the gravity of it: what it really can do if their identity is compromised or stolen for nefarious purposes.”
