Cybersecurity in the News: Albuquerque Schools Cancel Class Due To Cyber Attack

Albuquerque schools were closed last Thursday and Friday due to a cyber attack. On Wednesday morning of last week, teachers at Albuquerque schools found out that they were locked out of an important student information database that they were able to access the day just before. This database is used for things like taking attendance, contacting families in case of emergency, and providing a verified list of authorized people who are allowed to pick up a student from school. Albuquerque Public Schools' Superintendent Scott Elder stated, "The possible impact to student safety forced us to close schools." An understandable decision, as a malicious actor could potentially have tampered with the data and risked students' safety and security.

Albuquerque Public Schools has yet to disclose what type of cyber attack they were hit with, only that their student information held in the affected database was "compromised." Because the school system wanted to rid all of their schools completely of this cybersecurity vulnerability, teachers were forced to work offline so that laptops could be checked and scrubbed. The fact that it was a cyber attack which sent students home is the reason that the schools had to experience "cyber snow days." The in-person classes that students have always been accustomed to have become more flexible in the last few years but even virtual learning was out of the question, as multiple unsecured laptops from all different locations connecting to the schools' sites and networks could have complicated the school system's attempts and remedying and recovering from the attack. In an effort to protect students, it was definitely the safest bet to keep them at home for a few days due to the sensitive nature of the compromised data.

This breach of Albuquerque Public Schools' student information system brings to light the major vulnerabilities that public schools in particular can run into when it comes to cybersecurity. As Supt. Elder mentioned in his statement given on the attack on Albuquerque schools, public educational systems do not have the funds for supporting cybersecurity defenses as much as they would like to, and particularly when compared with the private sector.

This is a major issue, not only for the educational system but for many of industries in the world today where budgets are not as ample as businesses would like for them to be. Another hurdle facing schools when it comes to cybersecurity is the fact that the people in this industry are busy, busy, busy and may accidentally overlook security vulnerabilities due to their hectic schedules. This is a challenge shared with by healthcare industry, which was heavily targeted throughout the peaks of the pandemic where already short-staffed hospitals were pushed to the brink, leaving little time to focus on cybersecurity hygiene or best practices.

When it comes to a business or entity with a limited budget or an overwhelmed staff, it is best to focus on the basics. Use strong, unique passwords for each login needed for work. Ensure employees lock their devices when not in use to prevent in-person threats to data. Teach employees about emerging threats and have a dedicated IT team that can help answer questions about anything related to cybersecurity. Managers and decision makers for each business should consult local cybersecurity professionals and try to find a firewall which falls within a reasonable price point for the allotted budget. Even starting out with just the basics can make a world of difference!

Image by jcomp for Freepik.