A cyber security incident forced DMPS to take their systems offline as a preemptive measure on Monday and cancel classes Tuesday, according to DMPS spokesman Phil Roeder.
The issues DMPS experienced are not unique and not surprising to Sai Huda, CEO of CyberCatch, a company partnering with K-12 schools across the country to safeguard the online systems schools use every day.
“The problem is getting worse. So, you take the state of Iowa, obviously this recent news of a cyber attack in the Des Moines school district,” Huda said. “Prior to that Davenport, Linn Mar (CDS) were also attacked and had ransomware installed, data theft happened and a while ago another school (in Iowa) ended up paying a $10,000 bitcoin ransom.”
Cyber thieves are looking for easy ways to access personal data and K-12 schools are data rich, Huda said.
“If you think about it, schools have students, employees and there’s a lot of data, not only about them but their parents. That data can be sold on the dark web, used to commit identity theft and it can also be used for ransom and other nefarious acts,” Huda said.
There are federal guidelines established for IT security schools should be following, but many are not, Huda said.
“Schools really should be complying with NIST cyber security framework which is the federal standard for cyber security that required implementing 108 controls that are prevention, detection, response and recovery and unfortunately most schools have not,” Huda said.