Abbotsford school board. Dustin Godfrey/Abbotsford News file photo

Abby Schools

Abbotsford schools’ IT security vastly improved

Compromised email accounts down from 85 to 15, new firewalls in place and employee training coming

The Abbotsford School District has made strides in improving its information technology security, something that was once effectively a non-issue for organizations as small as school districts.

The Abbotsford School District stores over two million documents and has over 13,000 connected devices, and more than 18,000 emails go to and from ASD email addresses every week, according to a presentation to the school board by Karman O’Brien, director of information technology.

That means there is a lot for the school district to protect from “bad actors,” and the school district is working to reduce the risks to its technology.

RELATED: Hackers targeting Canadian banks, mining companies

RELATED: Suspected scammer attempts to use Black Press newspaper to dupe woman

In 2017/18, the school district had 85 compromised email accounts, which has been reduced to just 15 compromised accounts so far in the 2018/19 fiscal year.

“These things come in spurts. Generally what happens is somebody will view us as a target, and they’ll try penetrating our system for a week or two weeks or three weeks and then eventually they get bored and they go elsewhere,” O’Brien said, noting one particularly bad month of attempts from servers in Russia, China and Ukraine.

“They were hitting our servers thousands of times a day for about a month, so it was a lot of work for us. But thankfully they weren’t successful.”

When an email account is compromised, it only means that the bad actors can see subject lines and other basic information, but O’Brien noted one example of how that basic information can escalate.

When an employee announced a retirement party, that subject line reached a compromised account, and bad actors were able to create their own fake email using that information to attempt to dupe more employees into clicking on malware and compromising more accounts.

“So they’re not actually getting into the system; they’re just reading bits of information, and that gives them more fuel for the fire to keep trying.”

The school district has also redesigned its firewalls to protect against bad actors trying to breach the system.

O’Brien said it’s typically a game of catch-up, but he also noted that the IT department has “done an excellent job of hardening our firewalls, and in the past two years we haven’t had any kind of breach.”

But O’Brien said the most important vulnerability is under-trained staff.

“The chain is only as strong as its weakest link, and all these bad actors, they know that,” he said. “If they can’t get around the firewalls, they’ll try and do social engineering campaigns, where, like I said, they send out emails that try and trick you into giving out your password and credentials. And surprisingly, it’s sometimes successful.”

With that in mind, O’Brien said the school district is spending a lot of time training staff of the district to recognize bad emails.

“It’s hard. They’re getting better at manufacturing these emails so they look very legitimate,” O’Brien said.

O’Brien noted two particular examples of warnings that an email is illegitimate – bad spelling and mismatched emails. Instead of an domain, for instance, an email may come from an domain.

O’Brien said the district has done training for all principals and vice-principals and staff at the school district’s main office, and among 190 people who took the training, the district scored an average of 85 per cent on testing.

In the past, school districts did not need to worry so much about attacks from bad actors, but O’Brien said it’s now becoming “so easy to send out these malware campaigns and denial of service campaigns.”

“You don’t have to have any computer expertise, and they teach you how to run them against any organization you want. It’s all about numbers. If you can hit 5,000 organizations and only two or three of them actually are successful, you can still make a lot of money.”

Find more of our coverage on the Abbotsford School District here.

Report an error or send us your tips, photos and video.

Dustin Godfrey | Reporter


Send Dustin an email.
Like the Abbotsford News on Facebook.
Follow us on Twitter.

Just Posted

Make a Difference auction raises $269,000 for Foodgrains Bank

Event at McClary’s Stockyard in Abbotsford crushes previous record

Your daily commute and weather forecast: Mar. 26, 2019

Risk of thunderstorms this morning, but clearing skies for a sunny Wednesday

Fraser Valley Symphony presents Somerset Trio

Concert on April 7 at Matsqui Centennial Auditorium in Abbotsford

Stranger climbs onto second-storey patio and lights fire in barbecue

Incident in Abbotsford terrifies family with two-year-old child

Fraser Valley Thunderbirds advance to BCMML final

T-birds eliminate Okanagan Rockets, take on Cariboo Cougars in final this weekend

VIDEO: Creativ Festival comes to Abbotsford

Event highlighting crafts takes over Tradex on Friday and Saturday

Harbour Air to convert to all-electric seaplanes

Seaplane company to modify fleet with a 750-horsepower electric motor

VIDEO: Teenage girl was person killed in three-vehicle crash in Coquitlam

Police are investigating the fatal crash at Mariner Way and Riverview Crescent

Sailings cancelled after BC Ferries boat hits Langdale terminal

The Queen of Surrey is stuck on the dock, causing delays to Horseshoe Bay trips

5 to start your day

Fatal crash in Coquitlam, stranger climbs onto balcony and lights fire, and more

Eviction halted for B.C. woman deemed ‘too young’ for seniors’ home

Zoe Nagler, 46, had been given notice after living in the seniors complex in Comox for six years

Video of ‘shocking, chilling execution’ opens B.C. murder hearing

Sentencing underway for Brandon Woody after pleading guilty to second-degree murder in Nanaimo

Is it a homicide? B.C. woman dies in hospital, seven months after being shot

Stepfather think Chilliwack case should now be a homicide, but IHIT has not confirmed anything

SPCA seizes 54 animals from Vernon property

Animals weren’t receiving adequate care

Most Read