It has been a rough two weeks for many of us who support technology for our school districts. We have experienced the worldwide meltdown of CrowdStrike due to a faulty update.

During the Pandemic, Threat Actors had a field day using phishing and SEO poisoning to attack users. We are in the same climate again with the horrible events of the last few days. Threat actors who practice phishing attacks are already using this event to send bombastic emails with salacious titles mentioning the event, knowing […]

Gabe, Lisa, and I attended the annual CyberSecurity Summit at my Alma Mater, Marist College. Back in the day, at the beginning of the IBM/Marist Joint Study, I was asked to be on the board of that program. My 20-year-old self had a lot of fun hanging out with the CEO of IBM and discussing […]

CISA in their January and August 2023 Bulletins again called out some of the most important ways that schools can protect themselves from cyber attacks. In both reports, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

As we attempt to harden our networks and strengthen our passwords, I wanted to bring up something again I have talked about in various settings. Password lock-out policies. Since the beginning of time, we have had a basic password lock-out policy.

Recently it was worldwide “change your password” day! I have a few thoughts. If you attended the CSI CyberSecurity event in December, you heard the NYS SED CISO get caught up in the incongruent password guidance between NYS and NIST CSF. Unfortunately, there was no breakthrough in this discussion, but NYS SED heard you that […]

Would you be comfortable giving your plumber the key to your house so he/she can come in at any time to fix anything they might feel is amiss? The answer is probably no. Did you know that when you give a vendor unfettered access to your network you are essentially doing the same thing? Similarly, […]

Happy Spring! As Spring break looms for most of you, I once again need to be a killjoy and remind you of a stark reality. Whenever you and your team are enjoying some downtime and have more limited staffing, the bad guys are working extra shifts trying to break into your and your peer’s networks.

I know of three CIAs: The Central Intelligence Agency (CIA) The Hudson Valley’s Culinary Institute of America (CIA) The Triad of Information Security – Confidentiality, Integrity, and Availability (CIA) The first chapter of every Certified Information Systems Security Professional (CISSP) training is always about this Triad of Information Security.

Please join us on Wednesday, March 8th, as Scott Quimby delivers a special update addressing the current K-12 cybersecurity challenges, NIST Cybersecurity Framework (CSF) alignment as it relates to Ed Law 2-d, and NEW actions to improve your district’s security posture, help you with documentation, and measure your technology teams productivity.