Frontline empowers strategic K-12 leaders with school administration software to proactively manage your human capital, business operations and special education.
For 25 years our team and products have been built as a result of seeing real needs within districts.
Frontline gives your teachers, staff, and administrators all of the tools they need, all in one place.
Created with input fromSeminole County Public Schools
A fictional story inspired by real life events…
It was a day like any other in the district technology office, until…
Having stopped by my usual coffee shop on my way to work, Thursday is off to a promising start. Then, just as I pull into my parking space, my phone buzzes with some kind of alert. Out of habit, I check it immediately. It’s an email from our local technology director listserv, subject line: Cyber-attack at Springland City Schools.
My stomach turns. Springland is a neighboring district. I know the IT director from that district personally. In fact, I just talked with Neil at the regional tech director conference last month. Now I'm staring at a video of him being interviewed by a Channel 7 reporter.
I immediately ping our local IT directors group to see if we can provide Springland with any assistance or resources.
Source: The K-12 Cybersecurity Resource Center. (2019). K-12 Cybersecurity 2018 Year in Review: Part III: Cybersecurity Incidents: 2018. Retrieved from: https://k12cybersecure.com/year-in-review/2018-incidents/
With a lump in my throat, I click on the link to the article and scroll through. Apparently, someone, maybe a staff member or maybe a student, clicked on a link, causing a data breach that inadvertently disclosed the personal data of over 10,000 students and 3,200 educators — in some cases going back about 10 years. Phone numbers, mailing addresses, social security numbers, health information and parent information – all compromised.
I shiver and immediately think of our district. How likely is it that this could happen here? Well… it’s not unlikely.
The same questions keep getting stuck in my brain:
Obviously, these aren’t new questions for me, but now it feels real and somehow more personal. It just happened to Neil!
My phone buzzes again. The assistant superintendent needs help reconfiguring his email. I’m sure this is just one of about a dozen help requests our technology team has already gotten today, so I grab my backpack and head inside.
“Did you hear about the breach at Springland?” one of my IT specialists, Doug, asks me as I walk past his desk on the way to my office.
We talk about the news for a few minutes and I mention that I’ll be scheduling a meeting for the technology team this morning to review our current cybersecurity incident response plan.
Another buzz. Time to dig in to those help requests.
The morning flies by as usual, but I’m so relieved we made time to get together and talk about what's going on. The three people on our team – Doug, Kelly and me – are responsible for all things technology in the district.
I begin by listing what we’ve done so far to manage cybersecurity:
There’s so much more we would like to do if we had the time and resources, but we don’t have the luxury of waiting for those. We go around the room listing the things we would like to be doing on top of what we’re already doing to protect our district.
Given what’s going on at Springland, it seems even more urgent that we get our highest priority initiatives in the works.
I set up another meeting for us tomorrow and plan to start working on a cybersecurity playbook we can walk through with our Security Operations team. Kelly offers to review our Cyber Awareness training materials and see if we can make it into something more interactive for staff and students. Doug says he’ll reach out to some of the local technology teams at other districts to see how they approach cyber-response drills.
A few weeks later, we’ve created an interactive resource staff and students need to engage with after reading our acceptable-use policy. Now we have a better idea of who actually understands it! Based on the results, we can work with individuals to do some cybersecurity awareness coaching.
Doug and I asked about a dozen colleagues from other districts how they approach cyber-response drills. Do they even do cyber-response drills? From our conversations with those that do, Doug and I created a drill protocol of our own that we plan to roll out twice a year. The district leadership team signed off on it yesterday.
Note to self: On cyber-response drill days, bring in a box of coffee… or three.
Source: Verizon. (2019). 2019 Data Breach Investigations Report. Retrieved from: https://www.enterprise.verizon.com/resources/reports/dbir/
We start getting in touch with the technology vendors we currently work with to revalidate what they are responsible for and what we in the district are responsible for, both now and if we experience a data breach.
These aren’t easy conversations, but I already feel better after talking with other technology teams. And moving forward, it’ll be easier to evaluate the security practices of potential new vendors.
The superintendent is thrilled we had these check-ins. It’s a relief to know we have full buy-in from the leadership team.
It’s been about six months since Springland’s data breach and I think our district has come a long way on the cybersecurity front.
The first acceptable-use quiz and cyber-response drill provided a ton of data about where we have gaps in our cybersecurity model.
Obviously, the steps we took don’t come with a 100% guarantee ― hackers are creative, and tomorrow may bring new risks. But I have to admit, I’m sleeping a little better at night, even with the extra coffee on cyber-response drill days.
I feel much more prepared for whatever comes our way.
Source: De La Rosa, S. (2019). Untrained staff, students remains K-12's biggest cybersecurity threat. Education Drive. Retrieved from: https://www.educationdive.com/news/untrained-staff-students-remains-k-12s-biggest-cybersecurity-threat/551493/
Review your cybersecurity procedures with the
