Resources

CISA in their January and August 2023 Bulletins again called out some of the most important ways that schools can protect themselves from cyber attacks. In both reports, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

As we attempt to harden our networks and strengthen our passwords, I wanted to bring up something again I have talked about in various settings. Password lock-out policies. Since the beginning of time, we have had a basic password lock-out policy.

Recently it was worldwide “change your password” day! I have a few thoughts. If you attended the CSI CyberSecurity event in December, you heard the NYS SED CISO get caught up in the incongruent password guidance between NYS and NIST CSF. Unfortunately, there was no breakthrough in this discussion, but NYS SED heard you that […]

Would you be comfortable giving your plumber the key to your house so he/she can come in at any time to fix anything they might feel is amiss? The answer is probably no. Did you know that when you give a vendor unfettered access to your network you are essentially doing the same thing? Similarly, […]

Happy Spring! As Spring break looms for most of you, I once again need to be a killjoy and remind you of a stark reality. Whenever you and your team are enjoying some downtime and have more limited staffing, the bad guys are working extra shifts trying to break into your and your peer’s networks.

I know of three CIAs: The Central Intelligence Agency (CIA) The Hudson Valley’s Culinary Institute of America (CIA) The Triad of Information Security – Confidentiality, Integrity, and Availability (CIA) The first chapter of every Certified Information Systems Security Professional (CISSP) training is always about this Triad of Information Security.

Please join us on Wednesday, March 8th, as Scott Quimby delivers a special update addressing the current K-12 cybersecurity challenges, NIST Cybersecurity Framework (CSF) alignment as it relates to Ed Law 2-d, and NEW actions to improve your district’s security posture, help you with documentation, and measure your technology teams productivity.

It seems like Cyber Attacks are happening everywhere these days. Whether it’s a national news report of an attack against a company that has your credit card information or local news reporting a school district like yours that’s been hit with a ransomware/data breach, these stories are plentiful.

Everyone knows the adage “No one is perfect”. Unfortunately for anyone with a computer network, the bad actors who want to infiltrate your system are ready to take full advantage of any mistake they can find. The Cybersecurity and Infrastructure Security Agency (CISA) knows this, as they called out CPG 1.E (Mitigate Known Exploited Vulnerabilities) in […]

Join Cisco and CSI for a very special upcoming webinar. We will be joined by several specialists from Cisco (including Cisco Talos) who will discuss the dangers of spyware, deep links, content manipulation, malware, and keyloggers, and how to protect your school district from these threats.

Scott Quimby discusses the following: Reading DMARC reports – In preparation for achieving DMARC Quarantine status, Scott will walk you through reading DMARC reports and look at what they mean and what actions are required based on the data.

My wife works for a multi-billion dollar hospital network you all will know. Every time she signs into their mandated VPN and MFA solution she curses out, “How annoying it is to have to do this each time to do anything!” I was the only “IT guy” in earshot to hear her frustration.

New York State K-12 school districts must follow EdLaw 2-d. We all know that is easier said than done. It is hard work with limited staff and limited resources to properly protect student and staff personally identifiable data while protecting the integrity of the district’s network and making sure there are proper controls to protect […]

Microsoft has tried hard to increase awareness of “pass the hash” attacks. They have been patching, but the threats keep coming. Back in April Microsoft released something quite awesome – their next-generation Local Administrator Password Solution (LAPS). Quite simply LAPS allows you to automatically rotate the password for a designated “local administrator” account on endpoints.

Join us, as Jeff Pigula, CSI Senior Network Engineer (Cisco CCNA and CC-NSF) will be discussing the changing world of PoE power management – what you need to know to keep from being driven crazy with the proliferation of new PoE devices being added to your network.

March marks the month that I have been working with technology professionally for 46 years! It seems like yesterday that as a 16-year-old high school student I got my first part-time job (Thursday evenings and Saturday mornings) talking to people about technology.

This week, I would like to talk to you about Malware Defenses. This topic is in the NIST Detect and Protect categories. Antivirus has been around for what seems like forever. However, as long as antivirus has existed, we have had the problem with getting it on “all” servers and “all” endpoints.

We are pleased to announce our upcoming Tech Talk/SYSOP will be IN PERSON on Wednesday, April 17th! This is the first in-person Tech Talk since the pandemic and we are looking forward to seeing you all there! We encourage you to join Bob Knapp, Scott Quimby, and members of the CSI engineering team in person as they […]

‘Those who cannot remember the past are condemned to repeat it’ -George Santayana From his work; Life of Reason, Reason in Common Sense 1905 You have so many tasks you “must do” to keep your district safe.

What would you do if you came into school tomorrow and were told that all your District’s data had been corrupted? Your next step would be to check in with your IT staff to see if they were clearing your system and restoring your data with a backup.

Now that I work in a hybrid mode, it is always so annoying when I go to the office and forget my office keys. I have to ask someone to let me into my own office. The same is true for all of us techs with admin credentials. We are the ones building, rebuilding, installing, […]

We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students can learn, and the staff behind the scenes can do all the important tasks that make the district function well.

We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students can learn, and the staff behind the scenes can do all the important tasks that make the district function well.

Join us, as Scott discusses his latest “Tech Tidbits” including updates on security and industry news since we last got together. Watch it here × Please fill the form below

Join us, as Scott discusses his latest “Tech Tidbits” including updates on security and industry news since we last got together. Watch it here × Please fill the form below

Tech Tidbits – Scott’s updates on security, updates, and industry news since we last got together. Harden your endpoints as part of your overall security plan – We talk about patching constantly. However, recent ransomware attack post-mortem analysis has shown that there are a number of free, and mostly easy endpoint configuration changes you can quickly make to […]

Tech Talk Part II will be a special session on email. We will talk about the following: Reading email headers. Every time something bad comes into the district, there is invariably a question about where it came from and why it got in.