Audits Reveal Cybersecurity Weaknesses in New York School Districts

The Office of the New York State Comptroller has completed audits on three school districts in the state. The audits uncovered that the districts have neglected to follow some crucial cybersecurity policies, leaving them potentially vulnerable to cyberattacks.

The state performed audits on the Clyde-Savannah Central School District, the Honeoye Falls-Lima Central School District, and the Naples Central School District.

The report for the Clyde-Savannah Central School District found that “Officials did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.” It found more than 350 unneeded network user accounts, more than 50 unneeded shared or generic user accounts, and five unneeded administrative user accounts. The report defined unneeded accounts as those that have not been used in at least six months. Additionally, the audit uncovered 224 user accounts belonging to graduated seniors that should have already been disabled or deleted.

The report recommended that the district “regularly review network user accounts and disable those that are unnecessary.”

Cybersecurity

The Honeoye Falls-Lima Central School District report revealed that the district failed to “adopt key information technology (IT) security policies, resulting in increased risk that data, hardware and software may be lost or damaged by inappropriate use or access.” Most notably, it uncovered that many school computers were being used for non-academic activities like online banking, shopping, and gambling, according to New York ABC affiliate WHAM.

It further speculated that users may not have known that visiting these types of websites could have an impact on cybersecurity. According to Jonathan S. Weissman, senior lecturer at the Rochester Institute of Technology, “Humans are the weakest link in any cybersecurity implementation. All it takes is one user to open a link or open an attachment to undermine everything as far as cybersecurity is concerned.”

Finally, the audit for the Naples Central School District similarly found 89 accounts that had not been used for at least six months. Of these, seven had never been used, and 63 more of them were “unneeded,” according to the report. The report explains, “Unneeded network user accounts can be potential entry points for attackers because they are not monitored or used and, if accessed by an attacker, possibly could be used to inappropriately access and view PPSI [personal, private and sensitive information].”

As most K-12 schools around the country continue to operate using virtual and remote learning, proper cybersecurity measures have gained an extra degree of importance.

The state office requested that all three districts adopt and maintain comprehensive IT security procedures, conduct regular reviews of all network user accounts, and delete or disable unnecessary items. The districts agreed and have begun putting measures in place to address the issues.

About the Author

Matt Jones is senior editor of Spaces4Learning. He can be reached at [email protected].

Featured

  • 5 Tips for New Teachers and Their Administrators on Classroom Design

    Recently, several school visits early in the academic year highlighted how many first-year teachers struggle to set up their classrooms effectively. It's evident that more can be done to better support them from the start, particularly in the area of classroom design.

  • Texas School District Opens New Elementary School

    The Boerne Independent School District (Boerne ISD) near San Antonio, Texas, recently opened a new elementary school that serves almost 500 students, according to a news release. The district partnered with Pfluger Architects to build the 97,151-square-foot Viola Wilson Elementary School, which opened in August.

  • Call for Opinions: Spaces4Learning 2025 Predictions for Educational Facilities

    The K–12 and higher education facilities landscapes are always evolving. Schools are constantly adapting to technology advances, pedagogy changes, sustainability initiatives, and more.

  • OpenStax Celebrates 25th Anniversary of Providing Open Educational Resources

    OpenStax, which expands access of K–12 and higher-education resources and research-informed educational tools, is celebrating its 25th anniversary as 2024 comes to a close, according to a news release. The educational initiative from Rice University has served almost 37 million students in 153 countries and saved students nearly $3 billion in educational costs since its launch in 1999.

Digital Edition