Think of cybersecurity like fencing in ranch land, that’s the analogy Technology Coordinator Mike Reed used to explain how Park County School District 1 is bolstering its cybersecurity.

Reed was invited to speak to the school board by Superintendent Jay Curtis on Tuesday due to the increasing prevalence of cyber attacks since 2018, which he said was the last time he spoke to the board. The district is currently looking at training options that the board will take part in as well — as to what it will look like has yet to be decided.

“We had some pretty serious discussions at the beginning of the summer when they were re-upping cybersecurity insurance,” Curtis said. 

Cybersecurity insurance adds eligibility requirements every year, Curtis said, and some districts around the country have actually had to “pay out” due to cyber attacks.

Reed mentioned numerous ways that hackers could attack accounts and more ways they target accounts through social engineering (when hackers gather data and pretend to be someone else). Personal data is for sale, Reed said, because it allows companies to better market to you, but this data can also be used with bad intentions.

Every time a new account is added this grows what Reed called the attack surface. Each administrator can add software and this can grow the attack surface.

If the district moves passwords to one program and gets the accounts to trust each other this decreases the number of holes in the “fence” that attackers could come through. Reed said that 93% of breaches are due to social engineering and this could come from the board members’ at home activity, as well as district activity. The district has hundreds of applications, over 5,000 objects and over 2,000 authorized users allowed across the attack vector.

“By moving to this model, we now control the attack vector. People worldwide will try to hack on us, are trying to hack on us and will continue trying to hack on us by going through that one [entrance] ...” Reed said  “We’ve created one way into the security system, it’s kind of like when you have a school and you set up all the outside doors that are just permanently locked and you create a vestibule.”

Reed also mentioned that artificial intelligence is a “game changer,” as it can crack a password much more quickly and it is also said to be able to guess a passcode with 90% accuracy just by listening to keystrokes. 

Reed and Curtis recommended changing passwords at least once a year and using passwordchecker.com to determine the strength of your passcode. A phrase that is easy to remember instead of one word is a good rule of thumb to a strong password.