Alabama Superintendents Warned Cyberattacks on the Rise
Cyberattacks are on the rise among schools nationwide, and six Alabama districts have been hit in the past two months.
That’s according to the state education department’s head of information security, Dave Pope, who warned Alabama school superintendents gathered in Montgomery on Wednesday about the growing danger.
Pope said all it takes is one click in one email to shut down an entire computer network.
Houston County in south Alabama had to delay opening for the new school year by more than a week after a cyberattack in July. Superintendent David Sewell told the Dothan Eagle there was no ransom demand, and the district’s cybersecurity safeguards kept the attack from spreading.
But employees had to spend time rebooting all 4,000 computers in the district, Sewell said.
Pope pointed out recent attacks on public agency computers in Texas, Louisiana, Georgia, and Florida. He didn’t name the six Alabama districts that were attacked but said those attacks involved ransomware and viruses.
Pope said districts should be training all of their employees on cybersecurity procedures on an annual basis.
Pope, charged with keeping the records of all 720,000-plus students secure, said if a district gets attacked, that attack can spread to the state department of education.
“If you think it’s a virus or think it’s ransomware,” Pope said, “you need to call us.” The computer network between the state department and the school district will be closed until the superintendent can certify the outbreak has ended, Pope said.
Cutting off that communication between the district and the state department will impact the district’s ability to enroll and transfer students, but it’s absolutely necessary, Pope said, until the outbreak is handled.
Pope is a “certified ethical hacker” and forensic computer specialist. He said all those titles just make him “the most paranoid IT (information technology) guy you’re ever going to meet.”
In addition to letting the state department know about a cyberattack, Pope said, district officials should contact local law enforcement and their internet service provider.
Another important step, Pope added is to “yank the (infected) computer off the network so you can have your security team take care of it.”
Pope said there are security teams at two state authorities that can help a district with an outbreak.
The FBI released a public service announcement in 2018 to raise awareness among parents and students about cyberattacks on schools. “Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft, or other means for targeting children,” the FBI stated.
Alabama Superintendent Dr. Eric Mackey told the group he is talking with other education groups about options for cybersecurity insurance. “We’re looking at how we might get better rates if we pool together,” Mackey said.