Resources

It is already a weird summer for me. I normally go to Acadia National Park right about now and enjoy the Maine weather. (It is so weird that NY has Maine weather so far). Instead of my normal summer routine, this year I am moving one of my daughters into the University of Alabama at […]

I was watching a panelist discussion post-mortem discussing firsthand knowledge of 25 major ransomware-style breaches. One of the panelists was an award-winning, ex-NSA offensive hacker.  One item that was stressed as a common theme across many breaches was credential theft being the number one way bad people get into the network.

  Cyber Security has grown into an issue that needs to be addressed by everyone in a school district, not just by the Director of IT. To that end, we are starting a weekly bulletin series aimed at helping School Business Officials, who generally own the district’s risk management responsibility, become more knowledgeable about the […]

  In August of 2021, CISA added “Single Factor Authentication” to its list of practices it considers “exceptionally risky” as it exposes you to an “unnecessary risk from threat actors”. Your district auditors and the NYS Comptroller’s Office technology auditors are most likely pestering you about your multi-factor authentication (MFA) strategies and beginning to ding […]

  Last weekend my youngest daughter started a new baton program on Saturday mornings. Sitting there I realized I have been taking at least one of my four daughters to baton for the last 22 years across two different teams in two different towns.

  How do you intend to block lateral movement if an attacker has made it into your network? In looking at recent ransomware attacks there are some consistent attack vectors used for lateral movement that are almost always exploited.

  I am sitting here at 6 am doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there are lots of noisy UPSes, but thankfully it is a pretty boring morning. Boring is good.

  Add the last “S” for security. I remember the old mattress commercials. You left the last “S” of the phone number for savings. In our world, we need to always make sure we have the last “S” for security. In our world, any internet-facing connection simply must use a commercial SSL (i.e. VPN, Secure […]

In today’s school environment, everyone and almost every piece of equipment talks to the internet and run on your network. Your HVAC system, security cameras, phones, bus cameras and communication, attendance, payroll, and many of your teaching tools are all connected to the internet.

“I am watching you…Always watching” -Roz Monsters Inc. For New Year’s we once again had a holiday crisis. Fortunately, this wasn’t an attack.