Dishing On Phishing: How Does A School District Protect Its Staff And Students?
Ongoing reinforcement is the key to success in Berks County, Pa.
–Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Oct. 14, 2019
K-12 schools are under cyberattack. And staff members need to attend cybersecurity training in order to protect themselves and their students.
Since January 2016, there have been more than 704 cyber incidents targeting K–12 schools in the United States, according to EdTech Strategies.
More than 700 professionals representing a variety of industries made the pilgrimage to Orlando, Fla. earlier this year for KB4-CON, the world’s largest security awareness user conference. Cybercrime Magazine caught up with one of them, Ryan Fitterling, director of technology for the Wilson School District in Berks County, Pa., to find out what the cyber climate is in his neck of the woods.
The Wilson School District serves students from the communities of Spring, West Lawn, Sinking Spring, Lower Heidelberg, and Wyomissing, and is located in West Lawn, Pa. The district operates five elementary schools, two middle schools, and Wilson High School.
The district comprises between 1,100 and 1,200 staff members and 6,100 students. Behind its supposedly protected walls is a vast amount of financial and student information.
Security awareness training is important because a lot of compromises come from phishing vectors and other types of social engineering, according to Fitterling.
What is phishing?
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, using bulk email that tries to evade spam filters, according to KnowBe4, the world’s largest security awareness training and simulated phishing platform.
Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
As Fitterling simply puts it, people are really the weakest link when it comes to cybersecurity. “We can put as many firewalls and software safeguards as we want but at the end of the day if the human is the weakest link, then we need to be training them as well.”
The Wilson School District puts its staff members through a security awareness training program. But more importantly, Fitterling believes in ongoing reinforcement training.
“The biggest problem with training is if you don’t do it over and over,” he says. “It’s in the forefront initially but if you don’t do it over and over again to reinforce, then it sort of falls off the radar.”
KnowBe4 recommends phishing your employees, or phishing simulation, as an important part of the ongoing reinforcement mix. “Reinforcement keeps the skill set up and reminds the people of the threats,” says Fitterling.
What are the consequences of not having security awareness training in a large school district?
“If you don’t have training and someone is compromised, then information is lost,” notes Fitterling. “Student data information can be very valuable, because they’re young with a blank slate and no credit history, if their information goes out for criminals to use.”
All school districts would be wise to add security awareness training to their curriculum. If not, then staff members and students are at risk of failing their phishing finals — and the consequences are much worse than Mom and Dad getting upset.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Sponsored by KnowBe4