In Wake of LA Cyberattack, 3 Ways Families Can Better Protect Student Data
An expert on digital forensics offered best practices for how students and their parents can keep their private data protected
Education is at a Crossroads: Help Us Illuminate the Path Forward. Donate to The 74
A Labor Day weekend cyber attack affecting thousands of Los Angeles Unified School District students has families questioning what they can do to keep their information safe.
According to the initial Los Angeles Times report, hackers used ransomware to freeze and disable some LAUSD systems. The Vice Society ransomware gang then reportedly published a trove of sensitive district records this past weekend, though LAUSD superintendent Alberto Carvalho sought to downplay the damage done at a Monday press conference, particularly as it relates to records about individual students.
Authorities have said there’s no evidence confidential student information — such as social security numbers or health insurance — has been breached. Last month the district confirmed a ransom demand by the hackers, but Carvalho said there had been no response.
“School districts are often vulnerable targets to these kinds of attacks because they are large, have many employees, and many other users including students and parents who have access to at least some parts of the system,” said Clifford Nueman, an expert on computer security and professor at USC’s Viterbi School of Engineering in an email to LA School Report.
“What makes LAUSD an attractive target to criminals deploying ransomware is the number of individuals that are affected when LAUSD systems become unavailable,” Neuman added.
Dr. Joseph Greenfield, Associate Professor of Practice at USC and an expert on digital forensics, offered three tips on how LAUSD families — as well as parents at any school district across the country — can keep their private data protected:
1. LAUSD devices should be used exclusively for LAUSD services:
In order to prevent personal information from even reaching school’s data networks, parents should ensure students are using their LAUSD devices strictly for school purposes. While students may often play online games or indulge in social media content… with their LAUSD devices, these interactions are threatening due to sensitive student content reaching the school’s information history.
2. Download a Password Manager:
A password manager is an application tied to a subscription based service, most commonly seen through websites offering to generate customized passwords for their user. Popular examples include Apple Keychain and Dashlane.
Essentially these programs are targeted towards not repeating passwords across the wide array of sites student’s use on a daily basis. If each application has an individual separate lock, then a compromise of one account does not lead to a compromise of all accounts.
3. Use a Multifactor Authentication Process:
Multi Factor authentication is a process which can be implemented… in any and all accounts. With the installation of this software, everytime there is a login attempt the user must present two or more forms of evidence to verify their identity. The credentials that students would need to provide may translate to them receiving a confirmation text or needing to approve login through authentication apps such as DUO. Each and every time students log in, they should be required to undergo this process of identity confirmation.
This article is part of a collaboration between The 74 and the USC Annenberg School for Communication and Journalism.
Sara Balanta is an undergraduate student at the USC Annenberg School for Communication and Journalism pursuing a Bachelor’s degree in Journalism. She is a 2022 Dragon Kim Foundation Fellow where she hosts a project called “Teacher’s Aide +”, which conducts free renovations in schools to help brighten campus environments. Aside from writing her passions include youth activism, media culture and music.
Get stories like these delivered straight to your inbox. Sign up for The 74 Newsletter