 |
| Source: Office of HIPPA Privacy and Security |
Update 1/1/2012: Use AES Crypt to encrypt files. Read about it here.
Update 09/02/2011: It just happened again to another Texas school district. Read more here.
Source: Social Engineering: The Basics
“Psst…Hey, you wanna a new credit card? How about a new social security number?“
The private information of thousands of El Paso Independent School District students, teachers and other employees is at risk after hackers broke into the district’s internal computer network.
The security breach was discovered Wednesday when a computer security company noticed hackers bragging on a website about breaking into the EPISD system.
EPISD officials confirmed that the district’s internal network (myepisd.org) was infiltrated and that hackers gained access to information such as names, birth dates, addresses and Social Security numbers of district employees and students.
(Source: El Paso Times)
How does private data on a school district’s “internal network” end up in the hands of hackers? One of the eye-openers is that breach of encrypted data need not be shared. That is, if your confidential data is encrypted, and someone steals it, the organization who was hacked need not say a word. They only need to notify you IF the data was unencrypted.
The hackers also claimed to have students’ Social Security numbers. “And yes, the ssn’s are in plain text. I’ll not disclose any of that tho,” the hacker stated…”It does seem the Social Security numbers were not encrypted, and that is not a smart practice,” Titus said. “The Social Security numbers were not posted on (the hacker’s website), but we know the hackers have access to it. We don’t know if it is being traded on identity theft networks. The frustrating part is that preventing identity theft for kids is very difficult.” (Source: El Paso Times)
Kinda scary, huh? Unencrypted data floating around on school organization networks…why aren’t we all learning digital citizenship lessons and learning to ENCRYPT our data better?
Describe and practice strategies for securing wireless connections (e.g., connect to only legitimate wi-fi hot spots or turn off wi-fi, turn off file share mode, encrypt sensitive data/ information, use and update anti-virus software, use a firewall, update operating system.
Source: Digital Security B, CyberSecurity iKeepSafe.org Curriculum Matrix
Would school administrators PASS cybersecurity requirements defining how to assure personal protection of confidential data in the iKeepSafe CyberSafety curriculum? I doubt it…and I doubt most network specialists would either.
And, before these organizations–and their vaunted IT Security Admins–say, “These are free, open source tools that couldn’t possibly be implemented enterprise-level!”–which, not surprisingly, I’ve heard before–let’s remember that the use of ANY ONE of these free, open source tools would have eliminated the negative publicity, voided the effect of a confidential data breach, prevented the tarnishing of the District’s public image.
Whether you pay thousands for encryption solutions, or use free open source encryption solutions suggested below, it’s long past time to use them.
- Encrypting School Confidential Data
- TrueCrypt encryption for Windows, Mac, and Linux computers
- Ncrypt encryption tool for Windows and Linux computers
- Safeguarding Your Logins and Passwords
- A Laundry List of Privacy Tools
Similar Stories:
- Embrace Encryption
- TRS Confidential Information Fiasco
- Wiping Free Space on your Hard Drives
Insult to Injury? Texas Educators Info No Longer Confidential
Image references
Enter your email address:
Delivered by FeedBurner
pingthis(); 
Discover more from Another Think Coming
Subscribe to get the latest posts sent to your email.
Another Think Coming 
need to improve the internet security
hacking should be stopped