(WXYZ) — “What do they want from a school district? I’m not sure. That’s kind of weird. Why they going after schools? It’s children there,” said Afusat Agbanaya, parent.
Agbanaya has three children in the South Redford School District which closed schools Tuesday and Wednesday because of a cyber attack.
“I was a little worried,” said Agbanaya. She said she was a little worried her family’s personal information might have been compromised.
Wednesday, in a press release, the district said the attack was isolated and that there’s no evidence data was breached.
What are school systems getting wrong as it relates to cyber security?
“Well, first of all, schools forget that they’re big businesses. And one of the things that big businesses have, they transact a lot of financial transactions. And particular, why most schools are being hit right now are because of their involved contract payment systems,” said Ida Byrd-Hill, CEO of Automation Workz.
Byrd-Hill, a metro Detroit cyber security expert, spoke with 7 Action News from a conference in New York.
She says hackers stealing information can disrupt what’s known as “count day” which factors into how much funding districts get from the state.
“If each school is getting $8,000 per student and I take all of their data, I now can hold them ransom to get that data back because they need to apply to their grants to the state,” said Byrd-Hill.
She also notes the use of personal devices on a school’s network may be more vulnerable if not properly monitored.
7 Action News' Darren Cunningham sat down with Mike Giromini, Novi Public Schools Assistant Superintendent of Academics, who says his district uses multi-factor authentication.
“So, you can’t just log in with a password, you actually have to dual authenticate with a different device to prove that you are you,” said Giromini.
“We have the ability to monitor the network, look for any outside intruders who are trying to get their way in to get information to get access to the network. That’s something that’s ongoing," he explained.
Giromini says the district also does phishing tests to educate staff on the pitfalls hackers depend on.
“So you know those emails you get that they tell you not to click on but every once in a while somebody wants to click on it? We actually engage in tests with our staff to see if people are actually falling victim to those things,” Giromini said.