Technology director for Midland schools discusses ransomware

According to the Cybersecurity & Infrastructure Security Agency of the United States, ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.

As the word indicates, those responsible for the malware then demand a ransom in exchange for decrypting the files.

"It is becoming a much larger problem," Dziedzic, who is starting his 22nd year with MPS, said of ransomware. "We've been pretty fortunate that we’ve only had one instance (of ransomware, about five years ago). We caught it right away and we made sure there was no damage. All we had to do was restore a few files."

The education field as a whole, Dziedzic said, has not been a frequent target of ransomware until the past few years.

"The hacking has been targeted more to people at home. By and large, they avoided education (until recently)," he said. "But with education financing being tight, some districts can’t afford (cyber)security. Education became a soft target."

Steps taken to guard against ransomware and other malware

Dziedzic, who is one of 15 full-time employees in the MPS technology department, discussed several measures the district takes to prevent ransomware and other kinds of malware.

"Google does our email and does a good job of filtering out ransomware," he said. "We also have anti-virus scanners that look for that kind of stuff on our Windows machines."

Beyond those safeguards, Dziedzic said the Center for Internet Security (CIS) works together with the U.S. Department of Homeland Security to help public-sector entities, such as school districts, stay current with their cybersecurity.

"For the public sector, (CIS) membership is free," Dziedzic said. "We get weekly situational reports (from CIS) on the risks out there and what’s new and what to watch for."

Educating within the district

As important as it is for a school system to have effective filters and scanners and to enlist the help of cybersecurity experts, it is just as key to educate a district's own staff, students, and families.

"We keep trying to educate our staff and make sure they don't open emails (whose senders) they don’t recognize," Dziedzic said. 

Many organizations now are even testing their own staff members by creating artificial phishing campaigns to see how many people reveal their personal information in response. Dziedzic said MPS itself will likely do such a campaign in the near future.

"One thing they want us to do next year is do a phishing campaign within our own staff, then offer remediation in the form of education," he said. "That’s becoming very popular around the country. It lets you know who might need a little more education on (phishing). That way, they don’t’ fall for a real (phishing campaign)."

Of course, with digital technology being so pervasive in the school system, cybersecurity awareness among students is also crucial.

"There are really good programs for kids on how to be Internet-safe," Dziedzic said. "We provide links on this stuff for teachers and parents."

One such program that Dziedzic endorses is Google's “Be Internet Awesome."

"It 'gameifies' security and teaches kids about it through playing a game. And then they can go back and explain it to their parents," he said. " ... If we can get the kids engaged in it and have them have conversations with their parents, that will help everybody."

Four points to remember

When asked for the most important points to remember when it comes to cybersecurity, Dziedzic offered four counsels.

1. If it seems suspicious, it is suspicious. Don’t open it.

2. "If you aren’t expecting an email from someone and it’s asking you to do something, we recommend you verify with that person (that they really did send the email)," Dziedzic said. "Always, always confirm with that individual by some other means (than replying to the email). (Hackers) are preying on people's good intentions."

3. Change your password and use two-factor authentication whenever you can. "That makes it harder for bad actors to get into your account. It provides another layer of defense," Dziedzic said.

4. Never share your password with anybody. "We tell kids that all the time, and staff, too," Dziedzic said. "I use a password manager and there are some good ones out there that are encrypted and keep your information local." He recommended LastPass, 1Password, and Dashlane as three good password managers which all offer family plans.

Becoming 'second nature'

Protecting against hackers just needs to become automatic, Dziedzic said.

"My (technology) team tries to think about everything we do now (in terms of security). It has to become second nature for us," he said. "We need to get it to the point with our staff and students, too, where it’s second nature."

Comments are closed.