As some of you may be aware, the Los Angeles Unified School district was recently the victim of a cyber security attack which left several of their systems unusable for an extended period of time. Unfortunately, this is not an isolated incident in the education sector. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have been issuing warnings that several ransomware organizations are specifically targeting the educational sector due to the vast amount of personally identifiable information (PII) available in the EDU space and the fact that the EDU space typically is the ‘lowest hanging fruit’ in the cyber world. Indeed, in 2021, U.S. schools lost $3.56 billion to ransomware attacks, and saw two educational institutions “shut down for good,” said Aaron Sandeen, CEO at Cyber Security Works (CSW).
While the Technology department does our best to reduce our “attack surface” and mitigate against attacks, it is also imperative that staff remain vigilant. Cyber criminals will attempt to compromise staff credentials to get “a foot in the door”. The most common method of obtaining credentials is through phishing attacks. As a reminder, phishing is when a malicious actor attempts to trick you, the user, to divulge personal information, such as passwords or financial information. Unfortunately phishing campaigns are becoming more and more convincing as time goes on. Malicious actors are becoming quite efficient at perfectly replicating emails to look like they are coming from legitimate sources such as Amazon, Netflix, Apple, etc.
Pictured below are some tips to identify phishing emails. Feel free to save or even print and hang it in your room/office as a daily reminder for you and our students on how to stay vigilant against someone out to take advantage of you:
Another method malicious actors use is pop-up messages while you are browsing the web. They will typically tell you that your computer is compromised and that you NEED to contact them for remediation. Please remember that NOBODY – not P-CCS Technology, Microsoft, Apple, etc. will ever display a pop-up on your computer asking for you to contact them. These are ALWAYS a scam. Here is an example of such a scam:
If you believe you have been the victim of a phishing attack, please submit a service ticket as soon as possible. We will not pass judgment as everybody makes mistakes. Our priority is to safeguard student/staff data and secure district resources such as the impacted technology equipment. Without knowledge, we cannot take the necessary steps to protect student and staff data from being exfiltrated and sold on the dark web.
As stated previously, we are continuously monitoring for malicious behavior and working towards improving our cyber security posture. If you have any questions or concerns, please submit a service ticket. And remember: Think before you click.
Below are some additional resources to help protect yourself from cyber criminals:
PayPal – Learn About Fake Messages
CISA – 4 steps for online safety
Ready.gov – Prepare yourself for cybersecurity attacks
Thank you for doing your part,
P-CCS Technology Department