Nanaimo-Ladysmith school district is taking steps to boost cybersecurity measures.
Currently, the school district has some 15,000-plus devices wired to its network – such as tablet and laptop computers, surveillance cameras and heating, ventilation and air conditioning – plus some 7,000 personal devices that log on daily, noted a business committee staff report.
At the committee meeting last month, Mark Walsh, secretary-treasurer, and Zeyad Merchant, director of information and technology, told trustees about work to safeguard against online attacks. Walsh said the district faces "some serious cybersecurity issues, particularly given the sensitivity and depth of personal information" it gathers. However, he added that the district's IT department is being proactive.
"Generally, we're good on the privacy front in the way that we would respond to breaches…" Walsh said. "One of the reasons to bring this report to the board is multi-factor authentication. When you [log in to] your DoorDash account nowadays, you have to sign in via e-mail and you get a text or some other form of confirmation. That is coming to SD68 as a very baseline security measure."
Data breaches, holding people's access to computers and information hostage via ransomware, and 'phishing' scams to steal personal information or upload viruses are some contemporary threats, the report noted.
According to a report from Forbes that looked at more than a dozen countries, 83 per cent of schools were victimized by some form of ransomware in 2022, with K-12 "the single most targeted industry, edging out higher-education, and surpassing government, construction and health care," noted an SD68 staff report.
Trustee Tania Brzovic wondered about the two-factor authentication, pointing to issues with the fingerprint option on cellphones. There are many security options people can choose from, but nothing is foolproof, staff replied.
"The most common one that you're familiar with, probably, is the text … There are weaknesses in that as well because the bad guys also have a unique ability to fake and spoof cellphone numbers, convincing people to answer a text that actually is coming from an illegitimate source," Merchant said. "It's now widely known that [short message service] texts are actually a weakness as well."
He said there will be various options for two-factor authentication. Many people have multiple phones and there are some modern apps that are currently secure.
"I'm going to highlight the importance of second-factor authentication," Merchant told the committee. "In the old days, your firewall and internet strength was really what was protecting you. Today, your firewall … the actual username and password … that's what's targeted most frequently."
