“Why Schools?” – That’s The Wrong Question

Why aren’t schools doing anything to prepare? (And they’re not.) That would be a better question. Why School Systems? The Rise of Ransomware in Public Schools.

And if you ask the wrong question, any answer that you get won’t result in any useful insights.

Due to their wealth of data and limited budget for cybersecurity staff and training, schools have drawn the eye of hackers. Experts recommend backing up data and investing in cybersecurity training and preparedness.

My personal recommendation is that schools cut back on that “wealth of data” until such time as they have a wealth of “cybersecurity training and preparedness” in place, and deployed to protect it. And even then, they should ask if they really need to have that information online, because while ransomware has been in the news, there have been instances where all the data needed to steal identities was taken out of school systems. That’s a lifetime of having to worry about identity theft for people who are not old enough to drink. (Thanks Public Schools Idiots Everywhere who think you know how much you need to spend on security.) All because some administrator somewhere, with next to no knowledge of the risks, decided that he couldn’t be bothered to look up a kids address the 2 times during the year when he needed that information. And how often to school administrators need SSN? Really? They couldn’t get by 99.999% of the time with an in-house student ID number?

But back to the schools.

“The principal reason is that it’s a relatively easy target to aim for,” he said, explaining that school systems typically suffer from a fairly limited IT staff, older equipment and less-than-optimal cybersecurity expertise.

Then repeat after me. If that statement (limited expertise, limited staff, etc.) applies to your organization, that purge every last bit of data that is not needed, and some that is needed. And it isn’t needed just because you’ve “always collected it.” Schools do NOT need SSN. Not online they don’t. They don’t need every piece of information for stealing identities in a place where they can be stolen by the lowest-knowledge hacker on the planet. How big is your school? You can’t file a couple of 1000 pages of info. (Like home address, and SSN for the one time in 4 years when you MIGHT need it?) Stop pretending that having “everything at your fingertips” is a requirement. It isn’t.

Another instance where people asked the wrong question. What diet leads so many people in this area to live past 100? (Hint: It isn’t diet.)