Florida High School Cybersecurity Incident
If you think that all the data breaches that occur in educational organizations, always follow the same pattern affecting personal information and social security numbers of students and employees, you are under the delusion. The Florida High School cybersecurity incident has demonstrated that some espionage cases may be as odd and unpredictable in the education sector as in any other sphere.
Braden River High School coaching staff were probably not the ones to suspect in espionage activity. At least, before the Florida High School cybersecurity incident that took place during last year’s high school football season and just recently came to light when school coaches were accused of using an unfair advantage in watching their rivals’ recorded practices.
Now, a brief retrospection for your information. Braden River team played with the ones from Venice, North Port, Sarasota and Sarasota Booker high schools last year, which became quite a logical reason of the coaches’ interest: getting the details of the recorded plays could serve useful material for the further training process.
In the interview given to the local media, the coaching staff of the Venice High School, the recordings of which were also compromised, hinted that the staff of Braden River could use all the materials unfairly. The school scripted the first 20 plays of each game that are practiced and recorded in training sessions, some of them were uploaded on Hudl. Hudl is an online service widely used by high schools across Florida to store videos of practices and games.
Manatee County School District started an investigation back in May 2018. According to the results, Braden River coaching staff accessed the Huld account of the college and misused it to view some limited-access training videos. District officials claim that coaches had managed to log into the college’s Hudl account and viewed training videos of the rivals.
The punishment was deferred to Braden River High School officials. However, the details of the penalty against its coaching staff have not been announced yet.
The striking Florida High School Cybersecurity Incident also come in handy for those who prefer to avoid repeating the mistakes of the past. So, what was knowingly wrong in the schools’ actions and how could the incidents of the kind be prevented?
First of all, it is strongly recommended to pay attention to the security of any kind of critical data tempting for the third party. Educational organizations are used to take care of personal data and social security numbers of their students and employees. This often leads to a lack of attention to other high-value records that may be easily accessed by unauthorized users.
Secondly, organizations should not neglect the separation of duties principle. Normally in case of any devastating incident, students become the first suspected and it is not without reason. Indeed, students often turn out to be instigators of attacks. No doubt, this does not ensure the absolute inculpability of staff members. The access to the critical data that relates to the organization should be also determined by job duties. It means that the coaches who do not collaborate with recorded practices of their rivals in the performance of their duty should not have a possibility to access these videos on their own accord.
Another piece of advice is to care about the way credentials are stored. Sometimes they may be accessible to third parties. For instance, logins and passwords are written down on a sticker and left unattended hence providing any passers-by with a chance to copy them with ease. It is unknown how exactly the coaches managed to log in the Hudl account of the college, but it is obvious that the credentials did not have proper access restrictions.
And finally, we would also recommend caring about your security when using various business applications and services. There is a great variety of helpful apps that can be used for almost any purpose. Some of them are installed in the system, and some are external, such as compromised Hudl. No doubt, typical password theft is the most common type of security incidents. Still, you should not underestimate different vulnerabilities like SQL injections, XSS, and others that can help an attacker break into a system or service account and steal the desired data.
To sum up, no article is able to guarantee the prevention of security incidents (like Florida High School Cybersecurity Incident) in the future. Still, now you see that any data possessed by an educational organization may become anybody’s lucrative target. And the only key to guard yourself against data leakages is to realize how vulnerable records can be right now.