Kansas District to Mandate Cybersecurity Training After Phishing Attack
(TNS) — Manhattan–Ogden USD 383 officials want to make cybersecurity training mandatory for all its employees after a phishing incident last week fooled some and led to a loss of information.
Director of technology Mike Ribble on Wednesday told the school board the district’s cybersecurity was compromised when a number of school staff members clicked on a phishing email that went out from an address that appeared to belong to a district employees.
No student information was lost as a result, he said.
Ribble said fewer than 10 percent of those who received the email reported it as phishing.
“We had a number of staff that not only clicked on the link but gave away their information, in the double digits,” Ribble said. “But it only takes one.”
Ribble said the incident coincidentally happened at the same time the district was running an internal phishing test, which is a requirement of its cybersecurity insurance.
Ribble stressed the importance of cybersecurity training, point to K-State, which has made the training mandatory since its cybersecruity incident in January. USD 383 opened up a cybersecurity training for staff in January, but Ribble said many in the district have not completed it.
“As of last week, when all of this went on, 289 staff had still not completed it,” Ribble said. “It was open in January. It was supposed to be completed by spring break. Of those, over 20 had direct access to student information.”
Ribble recommended that USD 383 should do the same as K-State and make cybersecurity training mandatory.
“The recommendations that I bring forward to our cabinet and to you is nothing new,” Ribble said. “We’ve got to make cybersecurity and all these requirements, we need to drive it home that it’s important because there’s just too much out there. We can put up as many barriers as we can, but when our own internal people are giving away information, it defeats multiple layers of the things that we created.”
Ribble also suggested teaching students from 8th grade onward as well as staff about cybersecurity so they are better prepared. This would include teaching them how to change passwords, giving multi-factor authentication for students and providing cybersecurity training for students so they know not to click on suspicious links.
“It’s part of the world that they’re going out into,” Ribble said. “They’re going to go to KU or K-State; that’s going to be the requirement that they have. We’ve got to show that we’re preparing them.”
Superintendent Eric Reid said he wants to become stricter when it comes to cybersecurity and holding people accountable. That might include assigning additional training to employees who fail the internal phishing test.
“Sometimes, we’re too nice about things, and we’re just going to have to get mean,” Reid said. “If there’s a time they don’t have their thing completed, we’re shutting them down, and they won’t be able to get into their email, they won’t be able to get into (Canvas). I’m at the point where I don’t care. We have to do this.”
The school board is going to have a technology work session in June, where it will discuss the issue further.
“I hear ‘balance,’ and I like ‘balance;’ it’s a word I use all the time,” Reid said, “But when we’re talking about security, I don’t want balance. I want a heavy-weight, down-to-the-ground, but I still want to reasonably operate education and provide opportunities for our kids, and have that mesh together. “
BOARD ADDS $28K TO LINCOLN EDUCATION CENTER REMODELING COST
In other business, the school board also unanimously approved a contract change order for the renovation of the Lincoln Education Center, previously Manhattan High School’s East Campus, increasing the cost of the project by $28,431.93.
The change order increased the guaranteed maximum price package with McCown-Gordon to $9.5 million.
The additional funds will cover additional remodeling needs the city identified to bring the building into alignment with fire codes, such as an above-ceiling cleanup, reworking electrical conduits and wires, and reinstalling light fixtures on the first and second floors.
“This is one of the last things for fire code as far as I’m aware of,” Reid said. “Sometimes, they find things right away. Sometimes, they find things as they go along the way or see what the final product is.
“What happened on this one was they found out where some of the ceilings were opened up and how some of the wires were running, and they said, ‘You’ve got to clean that up. You can’t leave that in because we’re not covering that part.'”
©2024 The Manhattan Mercury, Kan. Distributed by Tribune Content Agency, LLC.
