We have all heard the phrase "A chain is only as strong as its weakest link". When it comes to Cyber Security that phrase is all too true. Sometimes a Cyber Attack comes in via something that appears small (like a user clicking on an email link). Sometimes that small thing is an unused userid that is taken over by bad actors without anyone noticing. Not only is this a security risk, but how many times have we read about a school district being audited and written up in the paper for old, inactive user ids?
Old user IDs can present serious exposure. We have seen schools in our area falling victim to malicious activity via an inactive user ID.
Don’t let this happen in your district. There are some basic things your district can do to protect itself from Cyber Incidents and issues with state auditors. There are some excellent tools in the Microsoft world to bring focus to the dead and dormant user and computer accounts. Work with your tech director to implement some of the ideas below.
Next week’s bulletin will discuss “Cyber Attack - Are you as protected as you think you are? - Part One-Malware Protection”
This week’s suggestion:
- Ask your tech director if you have an "off-boarding" process when techs and users with authorized access to resources leave the district and whether that process is used every time.
- Ask your tech director if he/she has at least a quarterly review of user ids on their calendar so it becomes a routine process.
- Continue (or start) the process of coming into line with the NIST Cybersecurity Framework guidelines
If you would like more information on managing user IDs or navigating the NIST CSF journey, please contact Lisa MacDougall at email@example.com or call 845.897.9480.