According to the Director of InfoSec Security & Compliance Group, Larry Boettger, the average time and cost it takes to recover from identity theft is about 600 hours and 8,000 dollars. It’s very scary, very annoying and very real.
In Boettger’s Inside the School online seminar, Electronic Data Security for School Administrators, he reviewed ways school districts can protect their digital data, how to tell if a computer has been compromised, who’s responsible for data protection and more.
"Why are [cyber criminals] doing this," Boettger said. "Cybercriminals are targeting schools to steal data. They are doing this because they are making money off of your sensitive information and then selling it on the digital underground."
The information on the digital underground is valuable. Social security numbers, names, addresses, passwords can be worth around 150 dollars. Boettger said credit card numbers are valued at about 5 dollars per number.
Boettger warned that these computer hackers aren’t necessarily operating hundreds of miles away. Hackers can attack a school from inside the building.
"It’s not just about criminal identity theft. Some students target the [school's] computers to change grades. It can be done as a favor or for a cost," Boettger said.
With cyber criminals coming in many different forms a concern for schools is; who is ultimately responsible for protecting school data?
"It is the administrator’s responsibility to protect the school’s data," Boettger said. "There are laws out there that require school’s to protect minors’ information and legal protection. There are state and federal laws."
The first step administrators should take to protect their data is to test their web site, emails and network. The main types of testing that should be done are penetration, vulnerability and overall risk assessment.
"The two things to be looking for when conducting a test are how are [the hackers] attacking you and what are their methods," Boettger said. "And the two types of hackers are remote and inside.
The first step a remote computer hacker will take is what Boettger refers to as reconnaissance. There is less risk for them and they can often do it safely. Hackers are going to look at every type of whole they can get into. They will look at your website, and public information such as IT personnel. [Remote hackers] will even send school staff malicious code.
Boettger said there are several types of protective measures schools can take for protection. They can create firewall access control lists, patching, network based intrusion prevention systems, centralized monitoring and analysis systems, have secure code management and password threshold mechanisms, configurations and implement security policies, standards and procedures.
Inside hackers don’t just attempt to access the website from a remote location, they try to penetrate the system from inside the physical building. Educators need to be extra cautious of inside hackers as they can be students that have easy access to school computers.
"Inside attackers have a lot more access and they may already be in the environment. Inside attackers can download data onto a computer and install malicious codes. They can use data jacks that are in conference rooms and school rooms to hack the actual network," Boettger said.
Boettger said protection from onsite attackers should consist of having centralized monitoring, network access controls, security code management, and encryption; conduct an awareness campaign for the staff and the students and video surveillance.
To identify when a computer has been compromised Boettger said to be vigilant of several things.
"Computers that have been compromised usually run slower than usual, have a lot of pop ups, have odd behavior of the data such as missing files and folder name changes or the mouse cursor may move by itself," Boettger said.
When someone does suspect a computer has been compromised the first thing to do will be to get leadership approval to begin assessment scans and conduct research.
"After you have leadership approval you should conduct gap analysis to find wear the weaknesses are. Conduct anti-virus scans," Boettger said.
Boettger said school officials just can’t take chances when it comes to protecting their data.
"Personal identification information is very important, cyber criminals are very creative, successful and they want to make a profit, it is the administrator’s duty to protect the school’s digital information," Boettger said.
Larry Boettger’s seminar Electronic Data Security for School Administrators can be purchased here.