Audits Reveal Cybersecurity Weaknesses in New York School Districts

The Office of the New York State Comptroller has completed audits on three school districts in the state. The audits uncovered that the districts have neglected to follow some crucial cybersecurity policies, leaving them potentially vulnerable to cyberattacks.

The state performed audits on the Clyde-Savannah Central School District, the Honeoye Falls-Lima Central School District, and the Naples Central School District.

The report for the Clyde-Savannah Central School District found that “Officials did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.” It found more than 350 unneeded network user accounts, more than 50 unneeded shared or generic user accounts, and five unneeded administrative user accounts. The report defined unneeded accounts as those that have not been used in at least six months. Additionally, the audit uncovered 224 user accounts belonging to graduated seniors that should have already been disabled or deleted.

The report recommended that the district “regularly review network user accounts and disable those that are unnecessary.”

Cybersecurity

The Honeoye Falls-Lima Central School District report revealed that the district failed to “adopt key information technology (IT) security policies, resulting in increased risk that data, hardware and software may be lost or damaged by inappropriate use or access.” Most notably, it uncovered that many school computers were being used for non-academic activities like online banking, shopping, and gambling, according to New York ABC affiliate WHAM.

It further speculated that users may not have known that visiting these types of websites could have an impact on cybersecurity. According to Jonathan S. Weissman, senior lecturer at the Rochester Institute of Technology, “Humans are the weakest link in any cybersecurity implementation. All it takes is one user to open a link or open an attachment to undermine everything as far as cybersecurity is concerned.”

Finally, the audit for the Naples Central School District similarly found 89 accounts that had not been used for at least six months. Of these, seven had never been used, and 63 more of them were “unneeded,” according to the report. The report explains, “Unneeded network user accounts can be potential entry points for attackers because they are not monitored or used and, if accessed by an attacker, possibly could be used to inappropriately access and view PPSI [personal, private and sensitive information].”

As most K-12 schools around the country continue to operate using virtual and remote learning, proper cybersecurity measures have gained an extra degree of importance.

The state office requested that all three districts adopt and maintain comprehensive IT security procedures, conduct regular reviews of all network user accounts, and delete or disable unnecessary items. The districts agreed and have begun putting measures in place to address the issues.

About the Author

Matt Jones is senior editor of Spaces4Learning. He can be reached at [email protected].

Featured

  • California District Completes Second Phase of Construction on Innovation Campus

    The Milpitas Unified School District (MUSD) in Milpitas, Calif., recently announced that Phase Two of construction is complete on the MUSD Innovation Campus, according to a news release. The district is partnering with Blach Construction and Quattrocchi Kwok Architects (QKA) on the education and workforce development center, which will support Calaveras Hills High School.

  • San Diego High School Hits Construction Milestone

    Part of a whole-site modernization project at Mira Mesa High School in San Diego, Calif., recently reached a construction milestone. The final steel beam of the new classroom and student services facility was put into place, completing the building’s structural framework.

  • The Impact of School Security on Student Well-Being

    One of the most fundamental human requirements, as outlined in Maslow’s hierarchy of needs, is the provision of basic needs: food, shelter, and clothing. In school, this hierarchy of needs shifts to include the need for physical, mental, and emotional safety. The student mind is not biologically wired to deal with the negative impacts of unsafe environments, which implies that security has a major impact on student well-being.

  • Minneapolis Public Schools Continues Work on New Construction, Renovation Projects

    Minneapolis Public Schools in Minneapolis, Minn., is working with integrated construction management firm Kraus-Anderson on renovations to North High School that include a new Career & Technical Education (CTE) Center, according to a news release. The three major components of the project are new academic and athletic spaces, a new central student commons, and a North CTE Center.

Digital Edition