School District Protects Student Data - With Hacking!

Overview

No funding, no time, and unsure what vulnerabilities are present. These are common traits we see in School Districts in terms of their Cybersecurity posture. Why? Because the cybersecurity solutions industry targets large organizations with unlimited budgets. However, we believe there is a way to bring those same cutting-edge technologies to traditionally under-supported organizations.

In the case of a school district, it was more of the same. They hadn't had a penetration test in nearly 5 years and had implemented some basic security practices, but needed to identify what was out there that a bad guy could exploit.

What Vulnerabilities?

Our engagement with the school district started with two simple items, an external and internal penetration test. They wanted to simulate a bad guy targeting them from outside the network, as well as what an attacker could compromise, IF they had internal network access.

I hope nothing is visible that you would be able to hack...

In our external assessment, we were able to gain access to the internal network through four different vulnerabilities and find sensitive student information publicly accessible. During the internal assessment, we gained Domain Administrator privileges and waltzed by the Anti-Virus solution that was deployed.

Partners in Crime (not)

In every engagement we are involved with, our goal is to ensure that YOU and YOUR organization have a reduction in likelihood of a successful cyberattack. In the case of this school district, they were able to remediate the vulnerabilities and engaged us to monitor critical systems internally with our Managed Endpoint Service.

Our Cybersecurity Suggestions for School Districts

Below are our suggestions for school districts to drastically reduce the likelihood of a successful cyber attack.

• Penetration Testing (or at a minimum vulnerability scanning quarterly) at least once a year for both external and internal systems.
• Multi-Factor Authentication to access network resources and sensitive student information (Skyward/Canvas/etc)
• Managed Detection and Response on critical systems at a minimum (we offer this as a service starting at $15 per system, per month, with no minimum system count)
• Phishing & Security Awareness for faculty

While there are plenty of other suggestions, we believe these will give you the biggest "bang-for-your-buck"

Ready to Start? Contact Us!

Our team is composed of former NSA analysts and operators. We have the know-how and will ensure the best price compared to other comparable organizations. Why? Because we care about traditionally under-supported organizations more than our bottom dollar.