An expert says North Carolina schools aren’t prepared for a significant cyber security attack, EdNC reported Wednesday.
According to the outlet, a tech expert from the Friday Institute for Educational Innovation in Raleigh gave state lawmakers a “sobering” look at the school districts’ security as it stands today.
The report comes months after a hacker attacked the Mecklenburg County government computer system and demanded a $23,000 ransom. County officials reportedly did not pay the hacker.
Phil Emer, director of Technology Planning and Policy at the Friday Institute for Educational Innovation, gave lawmakers a sobering look at the cybersecurity landscape during Tuesday’s Joint Legislative Education Oversight Committee meeting.
He briefed lawmakers on the state’s efforts to combat cybersecurity threats. He also offered information on how districts and schools can do to better protect themselves in the wake of a 2016 Department of Public Instruction study showing most traditional public and charter schools are not ready for a significant cybersecurity event.
“Schools are actually getting targeted specifically now,” he said. “Not only have North Carolina schools been targeted, but a lot of municipalities and counties in the state have been targeted.”…
Emer noted one district suffered a similar ransomware attack and had to rebuild its digital infrastructure shortly before the start of the school year because it had no digital backups in place.
He also gave the example of three other districts that asked MCNC, the tech non-profit that operates the broadband infrastructure for the state’s schools, for help following malware attacks.
“A number of devices in a school district will be infected, they’ll clean them, and then almost immediately they become reinfected,” Emer said.
He said that practicing good “cyber hygiene” could prevent such attacks, which can end up being costly for districts.
The state now appropriates $200,000 each year for an initiative dealing with cybersecurity and risk management. Emer said at present the state is in the “continuous monitoring and risk assessment” phase of a three-step process of the initiative.
As part of that, a risk assessment dashboard has been created that can check for vulnerabilities, see what issues need attention, calculate risk scores, apply fixes, and more.
For more information, read on at EdNC.