School board discusses threats to cyber security

Jake Browning

reporter@thefranklinpress.com

Arguably the greatest priority of any school system is to keep the children under its care safe. District offices go to great lengths to set up infrastructure and enlist resource officers to deter physical threats to their students. In the 21st century, however, there’s a much different kind of threat hovering over schools, just like every other institution, in the form of cyber attacks, and its important to officials with Macon County Schools to stay one step ahead of cyber criminals.

Cyber security issues have been a popular topic in national news over the last month or two, spurred on by a ransomware attack on the Colonial Pipeline that led to a brief but intense gasoline shortage, as well as a similar attack on meat company JBS USA. The attacks and their impact on supply chains raised questions about preparedness to handle this modern and growing problem. Practically any organization that uses computers can fall victim to cyber attacks, and in 2021, that includes nearly every business and government department.

“It’s kind of hard to believe that in the business of education, we have to discuss this stuff,” school board chairman Jim Breedlove said. “It kind of blows my mind.”

Ransomware, one of the most common tactics used by cyber criminals, can be delivered to any internet-enabled device via email and installed if it’s opened. Harmful programs can have a variety of affects on the device, but the prevailing strategy is to use ransomware to encrypt data on the device so that the user can’t access it, then make them pay ransom money to get their data back. When executed properly, using ransomware can be highly lucrative with minimal overhead, making attacks on even very small institutions a potential jackpot for hackers.

“You really don’t need to be a high-value, high-profile target,” school board legal counsel John Henning Jr. said. “I’ve been surprised among some of our clients that are not in big districts that they fell into this kind of problem and I know that they wish they had been prepared.”

Fortunately, the attacks this spring didn’t take Macon County Schools by surprise. Information technology director Tim Burrell says that literally millions of potential cyber threats on school system computers are blocked every week by their firewall. They’ve also consulted with the Microelectronics Center of North Carolina (MCNC) and used their suggestions to enforce more security measures, such as regular password changes and blacklisted applications.

“We had MCNC, which is our state networking group, come in and do a cyber security analysis last year,” Burrell said. “They had a lot of different suggestions and things that we put into place within the network… I think we’re in pretty good shape.”

However, one of the greatest threats to cyber security is human error. Ransomware is delivered through suspicious emails and apps that can be avoided by savvy computer users who recognize them. The state has set up a professional development curriculum for school staff to use this year that should maximize their awareness of possible attacks. Burrell says that Macon County teachers will partake in the project this August and that Macon County Schools should stay in a good position to prevent cyber attacks.

“One of the most important things is getting our staff trained on things like phishing attacks and social engineering attacks,” Burrell said. “This informs our staff on what to look out for.”

The Macon County Board of Education will have their next regular meeting on Monday, July 26 at 6 pm in their boardroom at the central office.