It was a very busy summer for all of us. Summer and the start of the school year felt much more "normal" to us.
Putting my parent hat on, my youngest's third-grade teacher approached me and told me she wished she had a classroom full of my daughter. At the same time, my high school senior son who now has a car has been flagged as late so much already that the school is about to pull his parking pass.
The best of times and the worst of times.
We've accomplished a lot but those that would do us harm have done a lot too. Attack techniques have shifted. There have been some major breaches at companies like Microsoft that are very frightening. Many of the basic security assumptions we have been operating under no longer are enough to keep everyone safe.
For all of you still with recalcitrant teachers fighting you on multi-factor authentication (MFA) you should let them know that if the district is breached, the attackers will now most likely, directly demand ransom from them in addition to whatever happens to the district - and then they will most likely release their data anyway. Security is everyone's responsibility.
For those that are still requiring an 8-character password with complexity as your basic standard the average time to hack is now 5 minutes! If you don't have MFA enabled as well, you are sitting ducks.
And we are seeing fewer spam ads for email account compromises and more very intentional, stealth activity where the attacker is reading emails and setting up forwarding rules looking to insert themselves into the email flow in order to steal money as happened over the summer in a Rhode Island school district.
We are also seeing the rise of texting spam. Two weeks ago, an area district told me about a district teacher who got a direct text message on their personal cell phone from their "Superintendent" welcoming them back and offering a "link" of helpful information to start the school year. The attacker obviously identified the person as a teacher and found their personal cellphone number. Intentional, targeted attacks are increasingly the norm now.
We live in scary times, and we all have to up our game to keep our schools safe and stable so they can focus on teaching and learning for our kids.
In the coming weeks and months, Bob and I will continue our 44-year tradition of unpacking all of this stuff and sharing our thoughts as to what you should be doing.
If you need help working through all of this, please reach out to us.