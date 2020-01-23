The Chinook School Division has become a more frequent target of phishing attacks in recent months, but it is taking steps to educate staff about these online cyber attacks.
Manager of Information Systems Rob Geiger provided details about the school division’s response during the presentation of the technology status report at a regular Chinook School Division board meeting, Jan. 13.
Cyber security and the protection of the school division’s computer systems, networks and programs against cyber attacks have become a significant concern.
“We have to be aware of it all the time and we can’t forget about it,” he said after the meeting. “If we don’t pay attention to security, then it could completely devastate us. If we do pay attention to security, then nothing will happen that’s bad. Not necessarily anything that’s good, but at least we won’t be damaged.”
The school division has experienced about 70-80 ransomware attacks, when malware encrypts a victim’s files, during the last five years.
“Most firewalls can catch that stuff nowadays,” he said. “It’s a lot harder to get a virus from malware through firewall, because the technology in firewalls has evolved so much, but in the past what would happen is someone would download a piece of software and install it or activate a file, and that would start the install of an encrypting software.”
In addition to more effective firewalls, the school division’s use of more Chromebooks has helped to address security concerns about malware.
“Chromebooks are generally considered one of the most secure devices that there is,” he said. “So it has definitely helped us. Our amount of malware has gone down considerably with all the Chromebooks that we have. We used to have to refurbish or reinstall software on Windows devices pretty commonly. We just don’t have to do that on Chromebook. … We still have lots of Windows devices, but it’s a lot harder to do something like that.”
Phishing attacks have become a far greater security concern for the school division and the education sector has become the target of these attacks.
“Speaking with the other IT managers in the province, I know that they are expressing the same concerns,” Geiger mentioned. “For whatever reason, we were not on scammers’ radar about three years ago, and now we are.”
Phishing scams are usually carried out through deceptive e-mails that are send to a large number of people with false claims about representing a legitimate organization. Phishing attacks have become the most common form of cyber attack, but the school division is also concerned about spear phishing, which is a more targeted form of attack. Fraudsters will collect information to actually impersonate someone and to create a false e-mail that appears to be from a trusted source.
“What’s different about spear phishing compared to phishing is that if there’s a response to that, then the scammer will actually have a specific real-time response to that,” he explained. “We’ve had instances where someone has sent an e-mail and someone has responded to it and the scammer has responded to that e-mail and engaged in a conversation pretending to be a person. That’s spear phishing.”
The Chinook School Division has taken various cyber security measures to protect the organization’s systems and employees against these types of attacks.
“If we implement good security, that’s going to save us in the long run, but that cost money,” he said. “We have invested in firewalls, we have invested in our education program, we have invested in backup software. So that’s been the only real cost. Fortunately, we have not lost a cent to scammers at this point.”
The education of employees to raise their awareness about scammer techniques is an important part of this response. The school division has started to use KnowBe4, a software platform for security awareness training that includes simulated phishing attacks. Geiger and his staff will send out simulated phishing e-mails to school division employees to test their response to these suspicious messages. This will be followed up with more education and intervention, and also additional phishing tests for employees to evaluate their learning.
“The research would indicate it does work very well,” he said about these simulations. “Many IT professionals think that you must test your individuals. You have to educate them, because the human factor is the greatest vulnerability right now. Over the last five years it’s become more common and more popular to do internal testing and then education. It seems to be the most valuable way to improve your security nowadays.”
Cyber security in the education sector is more challenging than in other sectors, because devices are not only used by employees. Students are also using devices as a daily part of their learning.
“We have 1,000 employees, but we have almost 5,000 devices,” he said. “We have to provide devices not just for employees, but also for essentially our clients, which are our students. So it’s a little bit of a different thing in education. You have a lot more people using compared to the number of employees we have, and certainly that translates into all things like security.”
The use of Chromebooks has made a difference, because students are mostly working on those devices. There are also programs in the schools to teach students to be responsible digital citizens.
Geiger referred to various other ongoing technology initiatives in the school division during his presentation.
A significant number of older PCs and laptops are still being used in schools, and the Windows 10 operating system does not work very well on these older devices. A successful pilot project at École Centennial School used CloudReady, a version of ChromeOS, to turn these old devices basically into Chromebooks at a cost of $1 per student. The intention is to offer this as an alternative to other schools to keep older devices running.
The process to upgrade the school division’s primary server cluster since last year has experienced some technical difficulties, but the servers have now been running stable for three months. A new backup server will be installed in February. It will replace an older server that has become too costly to keep in service.
The lack of emergency generators to provide power to IT services in case of a power outage is an important risk for the school division. It is therefore planning to install wiring for emergency generators at the Swift Current Comprehensive High School as part of the planned electrical infrastructure upgrades at this facility.
