SUNAPEE, N.H. — Mike Montore, tech director for the Sunapee School District, first detected there was a problem with the district’s computer network on Sunday, Oct. 13, while working from home. When he returned to the office the following Monday morning, he discovered the unsettling reason: The school district’s network was hit by a ransomware attack.
Fortunately, the school district had a plan in place.
Montore had spent years staying connected to cyber attack issues through professional development and networking, and the district had its system backup offsite. Within hours on Monday, Oct. 14, Montore and IT Assistant Alan Glass had restored enough of the network to access the internet, teacher emails and the drive for the school to function properly. The difference in preparation allowed the district to get almost its entire network back online in two weeks and fully back to normal in four weeks, where otherwise it might have taken eight weeks.
“I was working on it 16 to 18 hours a day,” Montore said in a conversation with U.S. Sen. Maggie Hassan (D-N.H.) at Sunapee Middle High School yesterday. “And some of that was my own doing because if I can’t sleep and lay there thinking about it, I’m going to come to work, because at least I can be productive… it’s daunting.”
Hassan, a member of the Senate Homeland Security Committee and the Senate Cybersecurity Caucus, met with Montore and Sunapee Superintendent Russell Holden to learn from their experience in preparing and responding to a cyber attack, and their recommendations for how the federal government can help New Hampshire schools plan against cyber attacks through education and other resources.
“Part of my job is to make sure that people throughout New Hampshire and the country take this seriously and understand that there are things they can do to minimize the damage,” Hassan said.
Hassan said that Sunapee’s approach demonstrates that there are proactive, low-tech measures that small schools and entities can employ to mitigate the damage.
Cyber attacks will happen
A ransomware attack is a virus that infects a computer system by encrypting all of its data, effectively locking out the user. The perpetrator of the ransomware virus will notify the user of the issue, and that the user will need to pay the perpetrator a monetary ransom to get the data decrypted.
In the case of Sunapee, Holden said the ransomware infected everything from the district’s student management system, payroll, the food service program to their security doors and cameras.
“It became endless, to the point where if we weren’t where we were in being able to restore we would have been down a considerable amount of time,” Holden said. “Probably close to eight days of being at a standstill, where we’d be going back to paper and pencil.”
Montore said that storing a system back-up, including data, is essential, because cyber attacks “are going to happen.” Sunapee does not have the bandwidth to store its backup in-house, so they have to store it at another facility, which is more expensive. The district also backed up some computers with external hard drives.
“[The protection] is really three things: your computer, your hard drive backup and that you have it somewhere else [such as a cloud],” Montore said. “The odds of three of them failing are slim. The failing of two are not that slim, but three sources are slim.”
Montore also said that he stays a top of cybersecurity through conferences, including one in Florida that he has attended for 10 years now. Montore also participates in a local technological council which includes many IT specialists from other school systems. This peer-based information sharing and support system is the most helpful because it focuses on the practical application of knowledge “rather than what’s on pen and paper,” according to Montore.
Educating and training staff and students about good cyber hygiene and safety is a critical component to reducing the risk of cyber attacks. Holden said that many schools still don’t think about cyber attacks to the degree they should, though he has found that the state legislature’s more recent attention to it has improved that awareness. The key to Sunapee’s awareness is looking to sharing that awareness and understanding with staff and students.
“Any network defense is only as strong as its weakest link,” Montore told the senator. “So whatever your slowest machine is, there’s your problem. Or a person who’s going to go check their email and sees something [inviting], that’s all it takes, just one click.”
The district employs a cyber hygiene test for its staff for training purposes. Additionally, after the ransomware attack, the district now requires all staff and users to change their password three times per year.
Holden also said the district tries to find a balance with its faculty regarding using computers to access personal accounts. Many staff work extensive hours before and after school, including on computers the schools provide and on the school’s email server. That increases the chance that a staff person might use their work email to email, say, a friend or relative, or do a quick online order for personal reasons. Holden said that the district does not want to forbid their staff, but they do want them to consider safety and safeguard against an infection.
So far as raising awareness, Holden said he worries more about the municipal side of towns than the schools. There is more state legislation addressing cybersecurity in schools, mostly because of the number of computers and users, including children. In addition to legislation making schools more attentive to the issue, schools employ technology specialists that many municipalities lack.
“Education is not perfect at it, but we are becoming more aware,” Holden said. “Whereas I worry about municipalities not having the capacity, information or knowledge to know what to do. So I think that making sure that side of the entity is connected.”