Responding to Potential and Successful Cyber-Attacks Against US Schools - Part 2

What Schools Can Learn From the Biggest Cyberattack Ever on a Single District

Part 2 – Multifactor Authentication & Mitigation Strategies

Once you enhance your security by integrating ideal password management practices, the next logical step is to integrate Multi-Factor Authentication (Henriquez, 2019). With Multi-Factor Authentication, you confirm your identity with both an account password and a secondary code. There are generally three (3) ways to receive this code. Email and text message are the two most common ways the average person receives a secondary code. Either way, if someone gained access to your account’s password, that person would not be able to gain access to the account without the secondary code. The idea is that a perpetrator is less likely to have gained access to both the account in question and, for example, the email address where you receive secondary codes. Receiving codes via text message could be considered more secure, because the codes are typically only accessible on your phone, which is with you, whereas an email address can be accessed from anywhere via the internet.

The third way to receive your code is, perhaps, the most secure way of making use of Multi-Factor Authentication. In this instance, you use an authenticator app to receive the secondary code. You set this up by first enabling the authenticator app you will use within your password vault. This first step can be as simple as pressing a button labeled “Enable” next to the one you’ve selected. Google Authenticator and Microsoft Authenticator are likely to be options on any password manager you choose. You then visit the app store on your phone (Google Play or the Apple Store, for example) and download the authenticator app you will use.

Once the app is downloaded, you connect your password manager to the authenticator app. You can do this by revisiting the section in your vault where you enabled Multi-Factor Authentication. Your password manager’s system will show an option for connecting your authenticator app, and once clicked, it will display a QR code. When you return to your authenticator app and click the necessary button to add an account (a simple plus icon in Google Authenticator, for example), your camera will automatically scan the QR code and add the account (of course, you need to make sure your phone’s camera is pointed at the code).

From this point on, whenever you access the account in question with your password, you will be prompted to enter the code displayed by the authenticator app on your phone. This means that no one will be able to access your account unless they have your account password and your phone. You may now see why this is such an effective practice.

The avoidance of phishing scams, password management, and Multi-Factor Authentication are clear actions teachers and students can take to prevent initial or subsequent cyber-attacks. However, it is also worth noting how one can prepare for a cyber-attack that has succeeded in crippling a district’s operations.

The first action that one can take in anticipation of a potential successful cyber-attack is to remain current on crisis management strategies, often provided by one’s school district and state and national agencies. On the day of the attack, our district’s phone system and internet were disabled, which prompted our administration to distribute walkie-talkies to each Department Coordinator, myself included. Faculty members were instructed to direct all critical communications to their Department Coordinator, who would use the walkie-talkie to contact the administration. Guidance counselors served as messengers, carrying secondary information to individual classrooms as needed. ALICE procedures, designed to guide district members if there is an active shooter in a school, were also in place. This is because cyber-attacks can be the prelude to a traditional attack.

Remaining current on crisis management strategies often involves informing and training students. For example, I, as a Homeroom teacher, am responsible for reviewing the ALICE procedures referenced above with my Homeroom students. In times of crisis, I am responsible for keeping those students current on any useful information. In the same way, it would be wise to keep students current on the cyber-attack (unless directed not to). Each day, I would pass on what information I knew to both my Homeroom and German students. It seemed to me that they appreciated being given that information. I also took the opportunity to speak with them about what they can do to help prevent cyber-attacks (including much of what I am describing here).

Another action teachers can take to be in a better position to handle the effects of a cyber-attack is to develop flexible instructional practices and plans for such an event. This can be as simple as developing general concepts for teaching under these circumstances or be detailed enough to include pre-made lesson plans. Using my recent experience as an example, there are three (3) specific scenarios a teacher might be wise to prepare for.

  1. No internet available for instruction. With the push to transform traditional face-to-face instruction into instruction that can be delivered in any format (in-person, synchronous, asynchronous, remote) came major changes in the way teachers operate on a day-to-day basis. Even teachers who had avoided relying on technologies such as our district’s Learning Management System had to do so when Covid-19 came. Once one changes, it can be difficult to change back. However, this is exactly what teachers in my district needed to do. For the first week, we had an operating phone system but neither teachers nor students had internet access. All lesson planning and implementation, instruction, and assignment completion and submission had to be done without the internet. In my own example, this required pulling textbooks last used nearly ten (10) years ago out of the closet and putting them back into use. Learning occurred slowly by comparison to modern methods, but it was a viable temporary solution. Using textbooks allowed my students and me to operate entirely without the internet. Teachers without an in-place textbook series might be wise to find (or develop) materials and place hard copies of them into their classrooms. We worked without any internet for one week.
  2. Internet available to teachers, but not to students. After restoring the phone systems, our technology staff then restored internet for teachers. However, student internet access was not restored for another week. In this scenario, teachers can use the internet to research whatever topics are needed to prepare activities, lessons and assignments that students can complete without the internet.
  3. Internet available to everyone, but services missing. After three weeks, internet was restored for all district members. However, certain services, such as our Learning Management System, were still unavailable. In this scenario, teachers could prepare activities that are internet-based but do not rely on the Learning Management System to distribute assignments and collect submissions. It might also be wise, from a practical standpoint, to hold the collection of all assignments until the Learning Management System is operational again, so that students can be directed to submit all work to it. Managing hard copy submissions may prove to be unappealing to those who have grown accustomed to using an online system.

During the restoration process, we saw a number of new faces in our school buildings. This was because a common part of dealing with a cyber-attack is bringing in a third-party service to assist with restoring operations. These companies are tightly focused on, and experienced with, aiding school districts with cyber-attack recoveries. One might be wise to make every effort to be welcoming to representatives of the third party.

Unfortunately, it seems cyber-attacks on school districts are likely to continue. However, previous attacks have prompted everyone affected by them to carefully consider how to handle successful attacks and how to better prevent future attacks. It is my hope that this overview of the current status of cyber-attacks against school districts, my first-hand account of a cyber-attack, and these prevention and mitigation strategies, will aid practitioners who wish to appropriately respond to potential and successful cyber-attacks on school districts.