Pedagogical Phishing: Understanding The Morton School District Cyber Attack

The recent Morton School District hack is a reminder that everyone is at risk from cyber attacks, and provides valuable insight into how to bolster security.

School Hackers

As computer systems become embedded in every aspect of our lives, no one is safe from cyber attacks. Public schools are particularly vulnerable, as they store sensitive data on their students and employees but often lack the training and equipment to adequately defend it. A recent attack against the Morton School District in Illinois demonstrates just how widespread the risk is. It also serves as an example of what school districts should and should not do to prevent and respond to attacks, potentially helping other schools to keep themselves safe in the future:

Analyzing The Attack

On 31 January 2017, Russian hackers used a phishing scam to gain access to sensitive data from the Morton School District in Tazewell County, Illinois. The hackers sent an email claiming to be from Lindsey Hall, the district’s superintendent, requesting information for W2 forms. A staff member responded to the email by sending out the names, social security numbers, and salary information for 400 of the district’s employees. When the employee received another email from that address requesting more information, she became suspicious and contacted the police. Investigators determined that the email had not come from the superintendent, tracing it to Russian servers instead.

Because the district acted quickly, the potential damage from this attack is low. Although the hackers learned the social security numbers of 400 employees, they did not receive their birth dates or addresses, limiting what they can do with those figures. Authorities provided the employees who were affected by tracking applications they could use to analyze unusual activity that involved their social security numbers. Nonetheless, the fact that Russian hackers successfully stole information from an Illinois school district is unsettling, prompting concerns that other schools may be at risk.

Proactive Prevention

In many ways, the Morton School District is a model for how to respond to cyber attacks. The staff quickly identified suspicious activity, contacted the authorities, and took the necessary steps to keep themselves safe. Ideally, however, school districts should never have to respond to the attack in the first place. Districts should maintain the risk of hacking to a minimum by:

  • Educating Employees– Districts should train their staff on proper cyber security measures, notably by teaching them how to recognize and avoid common scams.
  • Assessing Access– Social Security Numbers and other sensitive information should not be available to any employee. Districts should control who has access to such data, thereby minimizing the number of staff who could fall victim.
  • Reinforcing With Redundancy– In addition to stealing information, hackers can also prevent institutions from accessing their data and systems. Schools should have redundant systems and data storage to minimize the risk from such an attack.
  • Security Steps– School districts must institute and regularly update security software, strong passwords, and physical protection for their hardware.

LAN Infotech offers schools, businesses, and all other Florida institutions with valuable cyber security support. For more information on keeping yourself safe, contact or (954) 717-1990 today.

Used by permission

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
Client Feedback

“We were having major problems with our email system. We reached out to the IT department of a trusted major law firm here in Miami who in turn recommended Lan Infotech and Michael Goldstein’s team of experts. I find everyone to be professional, knowledgeable and thorough. This gives me huge confidence that I am using a vendor I can trust and rely on.”

—Bart Garratt
HR & Tech. Coordinator
The Legal Aid Society
read more»

Featured IT Services Fort Lauderdale Articles

LAN Infotech Recognized as Leading Microsoft Marketing Partner Worldwide

The team of IT specialists from LAN Infotech are thrilled to announce that they have been recognized on Fifty-Five and Five’s Inbound Marketing Excellence Report as one of the top 250 Microsoft mark

Read more

Featured IT Services

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services