Pedagogical Phishing: Understanding The Morton School District Cyber Attack


February 20, 2017

The recent Morton School District hack is a reminder that everyone is at risk from cyber attacks, and provides valuable insight into how to bolster security.

School Hackers

As computer systems become embedded in every aspect of our lives, no one is safe from cyber attacks. Public schools are particularly vulnerable, as they store sensitive data on their students and employees but often lack the training and equipment to adequately defend it. A recent attack against the Morton School District in Illinois demonstrates just how widespread the risk is. It also serves as an example of what school districts should and should not do to prevent and respond to attacks, potentially helping other schools to keep themselves safe in the future:

Analyzing The Attack

On 31 January 2017, Russian hackers used a phishing scam to gain access to sensitive data from the Morton School District in Tazewell County, Illinois. The hackers sent an email claiming to be from Lindsey Hall, the district’s superintendent, requesting information for W2 forms. A staff member responded to the email by sending out the names, social security numbers, and salary information for 400 of the district’s employees. When the employee received another email from that address requesting more information, she became suspicious and contacted the police. Investigators determined that the email had not come from the superintendent, tracing it to Russian servers instead.

Because the district acted quickly, the potential damage from this attack is low. Although the hackers learned the social security numbers of 400 employees, they did not receive their birth dates or addresses, limiting what they can do with those figures. Authorities provided the employees who were affected by tracking applications they could use to analyze unusual activity that involved their social security numbers. Nonetheless, the fact that Russian hackers successfully stole information from an Illinois school district is unsettling, prompting concerns that other schools may be at risk.

Proactive Prevention

In many ways, the Morton School District is a model for how to respond to cyber attacks. The staff quickly identified suspicious activity, contacted the authorities, and took the necessary steps to keep themselves safe. Ideally, however, school districts should never have to respond to the attack in the first place. Districts should maintain the risk of hacking to a minimum by:

  • Educating Employees– Districts should train their staff on proper cybersecurity measures, notably by teaching them how to recognize and avoid common scams.
  • Assessing Access– Social Security Numbers and other sensitive information should not be available to any employee. Districts should control who has access to such data, thereby minimizing the number of staff who could fall victim.
  • Reinforcing With Redundancy– In addition to stealing information, hackers can also prevent institutions from accessing their data and systems. Schools should have redundant systems and data storage to minimize the risk from such an attack.
  • Security Steps– School districts must institute and regularly update security software, strong passwords, and physical protection for their hardware.

Integris offers schools, businesses, and all other Baltimore, Washington, DC And Across Maryland institutions with valuable cybersecurity support. For more information on keeping yourself safe, contact [email protected] or (888) 330-8808 today.

Used by permission

We're Integris. We're always working to empower people through technology.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...