We live in interesting times and continue to face unique challenges to keep your school district safe and stable so teachers can teach, students can learn, and the staff behind the scenes can do all the important tasks that make the district function well.

You have probably heard of the AT&T breach by now. Reports describe it as the largest breach in history with serious national security consequences. AT&T has reported that threat actors stole all client call and text records for six months. I have not read anything indicating that the threat actors know the contents of any […]

“Trust but verify.” -President Ronald Reagan, December 8th, 1987, at the Intermediate-Range Nuclear Forces (INF) Treaty Signing I watched a presentation the other day by the head of Threat Operations for a major Security Operations Center (SOC) that provides 24/7 security oversight over networks like yours.

It has been a rough two weeks for many of us who support technology for our school districts. We have experienced the worldwide meltdown of CrowdStrike due to a faulty update.

During the Pandemic, Threat Actors had a field day using phishing and SEO poisoning to attack users. We are in the same climate again with the horrible events of the last few days. Threat actors who practice phishing attacks are already using this event to send bombastic emails with salacious titles mentioning the event, knowing […]

Gabe, Lisa, and I attended the annual CyberSecurity Summit at my Alma Mater, Marist College. Back in the day, at the beginning of the IBM/Marist Joint Study, I was asked to be on the board of that program. My 20-year-old self had a lot of fun hanging out with the CEO of IBM and discussing […]

CISA in their January and August 2023 Bulletins again called out some of the most important ways that schools can protect themselves from cyber attacks. In both reports, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

As we attempt to harden our networks and strengthen our passwords, I wanted to bring up something again I have talked about in various settings. Password lock-out policies. Since the beginning of time, we have had a basic password lock-out policy.

Recently it was worldwide “change your password” day! I have a few thoughts. If you attended the CSI CyberSecurity event in December, you heard the NYS SED CISO get caught up in the incongruent password guidance between NYS and NIST CSF. Unfortunately, there was no breakthrough in this discussion, but NYS SED heard you that […]

Would you be comfortable giving your plumber the key to your house so he/she can come in at any time to fix anything they might feel is amiss? The answer is probably no. Did you know that when you give a vendor unfettered access to your network you are essentially doing the same thing? Similarly, […]