Alludo Blog

School Districts Can't Be Run Like Casinos

Written by Damon Torgerson | Nov 29, 2023 10:09:14 PM

We were lucky enough to have Dr. Mike Swize share his thoughts on cybersecurity in school districts. He covers a wide range of topics.

🔒 Why even the best firewalls can't shield us from human error.

💥 Breaches led to multimillion-dollar ransoms and losses, and why this matters to school districts.

👨‍🏫 Unique challenges schools face in guarding sensitive information and why it's a non-negotiable duty.

📧 Find out how a single email can jeopardize entire organizations, and why this should concern us all.

🛡️ Learn from their best practices and see why continuous staff training isn't just helpful—it's essential.

 

Transcript

Everyone probably saw in the news recently that several Las Vegas casinos were attacked by hackers and malware.

And actually, one casino decided to pay a multimillion dollar ransom to get their system back, while another one and suffered what some people estimate to be a hundred million dollar loss in the company.

This really got me thinking.

I'm Mike Swize. I'm a retired superintendent from Palm Springs Unified School District in Southern California.

The district has about twenty thousand students and thousands of employees.

And our cybersecurity, was at a very high level. So it's something we took very seriously, made sure that our firewalls were good and that our password, pro calls were strong, but at the end of the day, no matter how much we invested in our cybersecurity in the school district, the point of entry, it's people.

It's people, people who maybe aren't completely people who fall victim to phishing attacks or, false emails.

And I know that in Riverside County, a very large, county in Southern California, there were school districts that were also attacked with ransomware.

We have an obligation to keep our student and staff data so incredibly safe. I mean, it's it's one of the most important things that we do. These are children, right, that that we work with in school districts.

And just somebody clicking on a link in an email or responding to some, phishing attempt could put all of that data jeopardy.

You know, what I understand happened to one of the casinos is somebody sent an email pretending to be, somebody from the IT department and saying, Hey, we need to do a password reset. And a person gave their password. And from there, they were able to get into the whole system.

So, again, I applaud all of my colleagues who are working so hard to keep our data, and computer safe in public education.

But I just think it's important to remember that the spot of entry, the point of entry is usually some kind of social engineering, that gets a person, an employee to click on a link or give up their password. And so these multi million hundreds of millions of dollar organizations, can be put at risk by somebody who's just innocently clicking a link. That's why training is so important. I I know someone colleagues in Haroopa, unified also in Riverside County.

They're doing amazing things, making sure that their staff are trained. In Palm Springs, we did false fishing attempts, to test our employees to see if they would click on links. And so those are a few of the the best practice that are out there. But, I just wanted to spend a few minutes this morning talking about cybersecurity and and public education and our obligation to keep student data safe.