As Minneapolis Public Schools' families voice frustrations, other metro school districts enhance cyber security protocols
MINNEAPOLIS -- Nearly four weeks and at least three emails later, Minneapolis Public Schools' families remain somewhere between uncertainty and unimpressed with the district's response to a major cyber attack.
"I suppose if the bribe doesn't work with the school, a bribe might work with the parent," middle school parent Pat Ostergan told WCCO. "They haven't told us what the information is. They've told us there's a leak. They haven't told us what they got or what they could have."
Jessica Hoida, another middle school parent, lamented she remains "frustrated" by MPS' referring to the attack as an "encryption event."
"I think at this point I don't know that I have unanswered questions," Hoida said. "I think I have just less faith in this district."
MPS administrators have declined WCCO's requests for an interview, and also chosen not to answer our questions sent via email. Earlier this month, administrators told parents there was no evidence that the data has been used to commit fraud. MPS, however, still encouraged employees, parents and staff to remain vigilant of suspicious emails or phishing attempts.
"I don't think they know," Ostergan added. "There's too many students, there's too much information. I don't know that they have experts on staff. I don't know if they've consulted experts. I don't think they know what and who has potentially been affected."
Indeed, MPS isn't the first school district in Minnesota and it's highly unlikely it will be the last. According to state officials, schools and universities were the targets of at least 78 cyber attacks in 2022, in addition to 111 counties and 39 municipalities.
"I do not believe it's unavoidable," said John Weisser, Bloomington Public Schools' executive director of technology and information services. "It's a cat-and-mouse game with more and more sophisticated methods of attack, and so each of these incidents can provide a learning opportunity for the larger system to grow."
According to Weisser, Bloomington Public Schools employs an offsite host to store its data, which he says adds 24/7 security and maintenance. The district's cyber insurance policy also affords his team with immediate resources in case of cyber attack.
"We get our best advice usually from experts outside of our system," he said. "We're in the middle of March Madness, so a sports metaphor would be like you practice and practice and practice. Sometimes you have a scare, and you go back to basics, and you drill and drill for a weakness that you didn't know you were vulnerable to, and then you get in there, and you play the game."
After the MPS attack, Weisser said his team has been especially cognizant of phishing attacks, where hackers try to lure unsuspecting users to click on a link or download a file in an email.
"The thing I notice is in the last couple of weeks has been that everybody's been on high alert for this thing that happened in our backyard, and it means that it could happen to us as well."
Federal cyber officials offer four critical steps everyone can take to protect themselves online.
Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
* Something you have — like a passcode you get via an authentication app or a security key.
* Something you are — like a scan of your fingerprint, your retina, or your face.Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
Protect your data by backing it up. Back up your data and make sure those backups aren't connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
