TASB Risk Management Fund
INSIDERM
Home  ❯  General

Risk Management Roundup: Hackers Demand $40M Ransom

April 28, 2021 David Wylie

Man reading a news website on a tablet

When your organization chose the Fund, it joined a network of educational entities with a vested interest in collaborating to manage risk. Risk Management Roundup shares industry news that could impact your team, but we don’t stop there. Our experts apply their unique, school-specific perspective to help you protect your resources.

Hackers hijack district data, demand $40 million ransom

Computer hacker wearing black jacket with hood, talking on cellphoneBroward County Public Schools in Florida recently faced a no-win situation: Pay $40 million to hackers who breached its network, or see potentially sensitive data posted online.

The district’s reply to the lofty demand was no surprise to anyone other than the criminals.

“I am ... speechless. Surely this is a mistake? Are there extra zero’s [sic] in that number by mistake?”

When the district gave its bottom-line counteroffer—$500,000—the hackers made good on their threat and posted the stolen data online. Fortunately, it looks like they were bluffing.

So far, the stolen records have been limited to non-sensitive data such as mileage reports, travel reimbursement forms, and utility bills.

Still, the incident shows how bold criminals are becoming and what’s at stake if they target your district.

FBI warns ransomware on the rise

A recent FBI alert detailed a surge in ransomware targeting higher education, K-12 schools, and seminaries. The alert listed domains associated with the attack and shared prevention tips.

Beyond budgets

Ransomware attacks often impact more than district budgets. The K-12 Cybersecurity Resource Center Annual Report notes that school closures and class cancellations associated with ransomware incidents tripled between 2019 and 2020.

Recent ransomware victims include a New York district that shut down normal operations for more than a week.

Follow these tips to protect your organization and its stakeholders

  • Maintain off-site backup files. This Missouri school district recently refused to pay ransom demands because it maintained secure backups.
  • Avoid untrusted links and attachments.
  • Only download from trusted sites.
  • Verify that requests for personal information came from legitimate sources, such as your IT team.
  • Configure email scanning and filtering.
  • Don’t use unknown USBs.
  • Allow operating system and security software updates to run.
  • Steer clear of unsecured Wi-Fi.

Learn more about malware

Ransomware is one form of cyberattack known as malware. Watch our on-demand webinar to learn more about malware such as trojans, bots, spyware, and crypto jacking.

Back to top

COVID-19-themed cyber-attacks continue to wreak havoc

When organizations across the globe went remote last year, they opened doors for opportunistic cybercriminals to exploit security weaknesses.

Pandemic-themed cyberattacks exploded 605 percent, 240 percent, and 115 percent during the second, third, and fourth quarters, according to security giant McAfee.

Trending scams

Fear and uncertainty associated with the virus, along with millions of employees working remotely, make a perfect storm for criminals looking to cash in.

Some trending scams are more personal in nature. They can still impact your organization, however, if employees are targeted while using work devices or email addresses.

Popular tax season scams leverage the promise of federally funded financial support during the pandemic to gain access to victims’ personal information.

Back to top

New CDC guidelines say surfaces can be cleaned once a day

Teacher wearing a mask and disposable gloves while disinfecting student desksThe new guidance applies when nobody with confirmed or suspected COVID-19 is known to have been in a space.

Organizations might want to clean more frequently or disinfect (in addition to cleaning) in shared spaces with more risk of infection from touching surfaces.

Hazard alert: Use caution when working with chemicals

Any cleaning or disinfecting product can harm us if we do not handle and apply it properly. In fact, the Fund recently saw an uptick in chemical inhalation and skin reaction claims among members with Workers’ Compensation coverage.

Schools have called on all staff to help clean and disinfect facilities during the pandemic. Custodial teams, along with teachers, administrators, bus drivers, and support staff, should know how to protect themselves and students from hazardous chemicals.

Learn more about safe cleaning and disinfecting

Watch our on-demand webinar and this 8:20 video from our online training provider to learn more about the hazards of working with chemicals.

Back to top

FBI study paints picture of school violence plotters

Many students who plan to carry out school violence have been exposed to substance abuse or mental health issues at home. They are also overwhelmingly male students who research tragedies such as the one that played out in Santa Fe, Texas in 2018, according to a new FBI study of thwarted attacks.

The study notes approximately:

  • 94 percent of plotters talked about their attacks in advance
  • 75 percent were detected because word got out

The study’s goal was not to promote student arrests. Researchers hope communities will use the information to identify at-risk students and get them the help they need.

Take a proactive approach to assessing threats

Texas law requires schools to implement multi-disciplinary threat assessment teams. In broad strokes, threat assessment teams help prevent tragedy by supporting individuals who show signs of harming themselves, others, or both.

There is no formula for accurately determining whether an individual poses a risk to themselves or others. Profiling could lead the team to misidentify individuals as threats rather than help spot people who need intervention and support.

Learn more about threat assessment teams

Download this TASB Legal Services resource to learn threat assessment team responsibilities, when threat assessment is appropriate, and how teams work with law enforcement.

Back to top

Washington school district agrees to $4.25M sex assault settlement

Judge's gavel on deskThe lawsuit says a former middle school teacher started grooming the student when she was 12 years old and sexually assaulted her for more than a decade beginning in the late 1990s.

The suit also alleges the teacher frequently gave female students rides home, held group meetings with students at his house, and stayed with them after school—sometimes past dinnertime.

Red flags for inappropriate relationships

If an inappropriate relationship exists between an employee and a student, red flags can show up in both parties’ behavior. For example, does the employee often isolate him/herself with the student? Does the student tease the employee as if he/she is a peer?

Teach your employees to recognize the red flags for inappropriate relationships and respond according to your policies and administrative procedures.

Learn more about inappropriate relationships

Back to top

Alabama district sued over Title IX, Title VII violations

The family's attorneys said the teen was bullied at school and online because of his sexual orientation and race. Attorneys also said when the boy sought help from administrators, they also bullied and discriminated against him.

David’s law

In 2016, a 16-year-old Texas student who had been continuously bullied by his peers through text messages and social media died by suicide. The Legislature responded by passing David’s law, one of many Texas laws and regulations that address bullying and cyberbullying.

David’s law requires school districts to include cyberbullying in their policies and notify parents if their child has been the victim of bullying or is the aggressor.

Cyberbullying in a COVID world

Cyberbullying has played out for decades through familiar electronic mediums such as email, instant messaging, and social media. The increase in online learning during the pandemic opens the door for more incidents.

Follow these seven tips to protect your students from becoming victims and reduce your organization’s risk of liability.

Learn more about cyberbullying

For more information about anti-bullying laws and school districts' obligations, take advantage of these TASB Legal Services resources.

Shopping while driving. Yeah, it’s a thing

Driver taking on cellphone, eating, drinking, and looking at laptopA growing number of drivers are texting, emailing, taking photos, and checking social media while driving, according to a new report.

An eyebrow-raising 17 percent of drivers reported shopping online while behind the wheel.

The increase in distracted driving could be partly responsible for a surge in traffic fatalities.

Motor vehicle deaths were up 8 percent in 2020 compared with 2019—the highest percentage increase in 13 years, according to the National Safety Council. In Texas, distracted driving ranks as the second-leading cause of traffic crashes.

Keep your hands, eyes, and mind on driving

Cellphones and other mobile devices take a lot of heat when talk turns to distracted driving, and rightfully so. Drivers using handheld or hands-free phones only see about 50 percent of what’s around them, according to the National Safety Council.

Still, drivers found ways to distract themselves long before technology and transportation collided.

Anything that takes your employees’ hands, eyes, or mind off driving creates a potentially fatal hazard. That goes for bus drivers managing student behavior and white fleet drivers eating lunch or reaching for something in the passenger seat.

Back to top

Good IAQ matters: Now and in a post-COVID future

The pandemic has scientists thinking a lot about what’s in the air we breathe. But the importance of indoor air quality (IAQ) is nothing new to school facilities managers or the Environmental Protection Agency (EPA).

Many IAQ strategies developed during the pandemic will remain relevant long after COVID-19 is relegated to school history curriculums.

Start at the source

Controlling pollution at the source is often the most effective, cost-efficient way to improve indoor air quality. Follow these tips to tackle common pollutants:

  • Prohibit buses from idling near the facility.
  • Remove trash, chemicals, and other pollutants from air-handling rooms.
  • Use non-toxic paint and art supplies.
  • Maintain live plants, groom animals regularly, and keep their cages clean.
  • Ensure trained staff or vendors clean up hazardous chemical spills promptly and safely.

Back to top

Stay plugged in

The Fund constantly monitors the risk landscape and shares best practices with our members. We make it easy for you to plug into our expertise, at no additional cost:

Tagged: bullying, chemicals, coronavirus, COVID-19, "cyber security", cybersecurity, "data breach", "driving safety", "sexual harassment"