[VDOE] FRIDAY CYBER - July 31, 2020 - Cyber News and Views for VA Schools

Virginia Department of Education sent this bulletin at 07/31/2020 09:05 AM EDT

7/31/20

Our First Email

Greetings! Welcome to the Friday Cyber email from the Office of Information Security at VDOE. We hope this bi-weekly email will provide useful news, tips, and advice for Virginia's K-12 schools on the topic of Cybersecurity.

Cybersecurity is a broad category of information systems management. The term refers to the activities involved with managing and maintaining the confidentiality, integrity, and availability of data. This could be physical security, such as buildings and locks, or it can refer to abstract barriers, or controls, in software and governance policies. In any situation, cybersecurity affects our school networks and can have direct impact on student experiences.

Hi. My name is Tim Tillman and I am the Chief Information Security Officer (CISO) for the VDOE. Our team of cybersecurity analysts support the security program of the VDOE. I am excited to provide this email resource to you. Together, we can make our cybersecurity stance in Virginia's K-12 schools strong and a model to be admired.

Contact me at tim.tillman@doe.virginia.gov

Awareness

We read a lot of articles and blogs on security. Here are a few items we found to share.

Hard Lessons of Ransomware Attacks Inform Tech Strategies
In September, the staff members of Rockford Public Schools’ technology department faced their worst IT nightmare: A ransomware attack was spreading across the data center and encrypting servers.
Cyberattacks Increasingly Threaten Schools — Here’s What to Know

Cyberattacks continue to plague the education sector, and they’re only intensifying. Since 2016, there have been 855 cyber incidents publicly disclosed by U.S. schools and districts, according to data from the K–12 Cybersecurity Resource Center.

Learning

Some weeks we will take the time to focus on a single subject or concept and provide learning resources that can help you. This week, our topic is the importance of cybersecurity governance in your school division.

Why do we talk about cybersecurity in schools? What's the big deal? We have nothing to hide and we have nothing of value. Well, that's simply not true. In fact, educational targets are some of the most valuable targets. Our schools hold data on thousands of people that includes demographic, financial, health, participation, discipline, and privileged data.

Fear is powerful. It is often used to affect change. Fear is very often used in cybersecurity to get companies and individuals to act. We are constantly seeing horror stories of lost data, breached data, large payouts, and the looming threat of more attacks on the horizon. Fear can be a motivator, but I embrace the concepts of culture and recognition.

We must recognize that schools are a target and we are have responsibilities to act. During the coronavirus pandemic, the education sector is leading the country in the shift to virtual work while still holding the responsibility of protecting some of the most sensitive and valuable data available: the personal information of students. We are particularly vulnerable to cyberthreats because this momentous change has happened rapidly and without a roadmap of how to proceed. Microsoft Security Intelligence is reporting that education is the most affected industry by malware. Google is reporting that it blocks 100 million daily phishing emails and within one week alone they blocked 18 million COVID-19 related phishing scams. It is imperative that we continue to navigate this time period with mindful and careful precision. Of course, this isn't meant to scare you. It's meant to show that the threat is real and we can do something about it.

Cybersecurity isn't something that only the computer support folks handle. Cybersecurity is a culture. Your school culture will need to embrace cybersecurity concepts and use them in many existing environments if we want to protect our data. From Board meetings to grade level meetings, the concepts of sharing and protecting data should resonate. We can't rely on a single person in a school division to be the cyber guru. It's long been said and acknowledged that the biggest threat to any computer system is the authorized users of that system. A company's own users are a bigger threat than outside hackers. This is due to negligence, nonchalance, complacency, and transference of risk.

Everyone has a responsibility to protect the data assets of a school and in the coming weeks we will discuss how to change the culture of your schools and create something amazing.

Community

Contribute

Do you have cyber-related news or information that you think would be helpful for all Virginia schools and technology staff? Any specific topics to discuss? Send an email to Tim Tillman, CISO.

Share this newsletter with staff and faculty. Encourage colleagues to sign up for VDOE newsletters here.

Stay Connected with the Virginia Department of Education

This service is provided to you at no charge by the Virginia Department of Education. Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your email address to log in. If you have questions or problems with the subscription service, please visit Subscriber Help.