Schools are not safe from cyber attacks. Here's a bit of information about one we experienced recently:
So, everything was normal. No sign of anything going wrong. Then, on a teacher's computer, during a lesson, the mouse began moving around 'by its self'. Computer shut down, taken off the network and checked. No sign of what was going on. Then, another machine experienced a similar issue and someone experienced it in their own home too.
We took the site offline so that we were no longer connected to the outside world. While offline, we changed passwords, reset settings and checked over the network and servers. All appeared to be ok, so we went back online. But, within hours of being back online, we experienced the same issues again.
So, again we took everything offline and if laptops went off site, they were kept offline too. This time, some passwords had been changed, parts of the servers altered and laptops taken control of.
Over a year on, we don't know who was responsible. Nothing, as far as we know, was taken and nothing damaged, and no money was requested. It would appear that the person responsible used the school's network as an area to play and try things out.
We changed all passwords, wiped and re-setup all computers and then went back online. Since, (fingers crossed) all has been ok. However, from the experience, here are a few things we learned:
- Keep software up-to-date. One of the ways in was through an old, unpatched OS;
- Apple computers are susceptible to attack. Our Mac system was attacked, not the Windows system;
- Keep software up-to-date. One of the ways in was through an old, unpatched OS;
- Apple computers are susceptible to attack. Our Mac system was attacked, not the Windows system;
- Don't use one admin password across your network. Have different passwords for different hardware/systems;
- Set up users as standard users and have separate admin accounts that can be accessed and used by those who need to;
- Store passwords somewhere secure on paper - not on part of the network;
- Create passwords using a password generator;
- Keep a system backup off site (even if it involves the administrator carrying the discs its on home);
- Don't assume you're not a target;
- Check and double check what's being installed and by whom;
- Don't just give access to the full network - how much access do mobile devices need? pupils? visitors?
All things we should have known? Probably. We're now far more aware of the dangers. This incident was mostly just inconvenient for a few months while we sorted it out, but it could have been worse. Police were involved, many technical people came in to assist, but, as we said, we never found the root of the issue. We don't want it to happen again...
