An influx of heightened cybersecurity measures will soon be implemented in the Great Neck Public School District to combat recent viral data breaches in schools across the nation.
A presentation was made during Monday’s Board of Education meeting by the school district’s technology director, Marc Epstein.
Epstein discussed relevant issues other schools have faced with cybersecurity, provided necessary means of combating those issues, and presented future recommendations in the near future.
“I’ve always emphasized the primary mission of our program is to provide an innovative, educational environment with access to online resources and digital tools to promote the twenty-first education,” Epstein said. “Tonight, the goal of my presentation is to raise awareness of two such topics that have always been of utmost importance to us in the backroom; cybersecurity and data privacy.”
Epstein, who has been the district’s technology director for the past 23 years, highlighted past examples of ransomware attacks on schools. Ransomware is a computer virus that can be displayed on many different platforms with the ultimate end goal being the illegal lock of user files.
According to Epstein, more than 500 schools across the nation were hit by ransomware viruses in the first nine months of 2019. From Louisiana to Rockville Centre, domestic and foreign hackers have caused schools to pay upwards of $100,000 to retrieve their data back.
“The reason that many of the ransom notes from hackers request cyber currency such as bitcoin is that they are able to not leave behind a paper trail,” Epstein said. “That’s what makes these people so dangerous. It can happen at any time with just one spam email or one flashy advertisement.”
State education law § 2-d prohibits the unauthorized release of the personally identifiable student, teacher, or administrator data. The law, which went into effect in April 2014, outlines certain requirements for schools and their third-party contractors to ensure the security and privacy of such protected information.
Epstein said that the regulations to adhere to this law, which is unfunded mandates, must be implemented by the winter of 2020. Some requirements that must be addressed are the hiring of a data protection officer, developing an action plan, providing staff with data privacy and cybersecurity training, and developing parental complaint procedures and logs.
“It all may sound like a movie or a spy show, but the attacks that our schools and others are at risk for are all very real,” Epstein said. “These state-mandated regulations are going to be implemented to prevent us from falling victim to their schemes.”
Despite the need for additional cybersecurity protocol, Epstein also said that the school district has been proactive in some measures. Along with basic cybersecurity tactics and updated policies that prioritize student and faculty safety, Epstein credited the district for “staying current” in a rapidly changing environment.
“The district regularly updates our software and antivirus versions, monitors the firewall protection, strengthens password protections, and has a disaster plan developed,” he said. “Additionally, we recently joined the Nassau Board of Cooperative Educational Services, which allow us to expose our staff to online training, data privacy meetings, and cybersecurity news updates.”
Epstein made several recommendations to the board to consider implementing within the next year. He said that the main staffing concerns should be centered around a network security technician, a North High developer, and a data protection officer.
Board President Barbara Berkowitz agreed with the needs that Epstein addressed and warned the public of suspicious online activity both inside and outside of school.
“With the more advanced we become, the more susceptible we are to dangers that await us,” she said. “What happened with Rockville Centre opened our eyes and taught us that we do not wish to ever be in that position.”