Skip to content

Think Before You Click

by on October 5, 2017

One of the most insidious threats to any industry today comes in the form of a cyberattack. You have heard the stories, seen the news, and may have even experienced some version on your campus. This is a growing concern for independent schools, due to the open and collaborative nature of our communities and the people who work there.

An attack can range from a simple student hack to a much more sophisticated attempt to penetrate your network. While all forms of cyberattacks can affect your classroom, campus, and business operations, a significant breach can have a long-lasting effect on your institution’s image.

What makes an independent school vulnerable and what can you do to protect yourself? The helpful, caring, and trusting individuals found on your campus provide the perfect opportunity for a hacker to enter your network. Do you regularly conduct phishing tests for students, faculty, and staff? The Lovett School began performing this exercise and found that a majority (almost 80%) of their faculty initially “took the bait.” Woodward Academy conducted a similar email campaign and those that clicked were taken to an educational video; a soft lesson but still extremely effective. Both schools dramatically increased awareness among students, faculty, and staff, and reduced the number of potential risks.

Sophisticated hackers may also take readily available information from your website (new employee, school trips, etc.) to conduct another type of attack; one that asks you to share information with a “known” coworker. This occurs when you receive an email that appears to come from an email address you recognize and contains a request that might be legitimate. At The Pine School in Hobe Sound, Florida, a request to transfer funds to cover a professional development event was sent to the business office, presumably from the new Head of School. Fortunately that request was immediately recognized as out of the ordinary, and an attempt to verify the request by other means proved it to be false.

How do you help your staff recognize these types of emails? Lee Conner, Assistant VP for Technology and Transportation at Woodward Academy, recommends you look for the obvious clues first. Hover over the link – what does it show? Check the grammar – a poorly written email often indicates a false request. To whom was the request sent? Are there several names, odd names, or are they listed alphabetically on the recipient list? These too are indicators of a phishing email. Finally, if there is an immediate call to action, be especially cautious. Perpetrators often use a sense of urgency to move you past your initial suspicions.

As independent schools we also need to be conscious of the people with whom we work, and what they are doing to protect our information. What security measures do your vendors regularly employ? Do they conduct an annual analysis of cyber risk? What questions are you asking before doing business with a vendor? These questions and more are being considered in the work being done by many IT professionals and the associations to which they belong in an effort to compile safety measures all schools, regardless of size, can embrace. MISBO will continue to research these issues and produce helpful suggestions and tools that can be shared.

If you are from a MISBO member school, click the link below to learn from one school’s personal account of living through a cyberattack by visiting our webinar archives.

Surviving and Preventing a Ransomware Attack

Dianne Sagaas
Director, Education
MISBO

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: