Written by: Hector Kearns
The breach of a trusted third-party network relied upon by school boards across Canada has rung alarm bells and rallied Ontario educators, politicians and parents to heightened awareness. The recent hack of PowerSchool has left everyone shaken.Global News reports that more than 2.4 million students have been impacted at Ontario’s two biggest school boards — the Toronto District School Board and Peel District School Board. Personal information has been accessed, with some records dating back to 1995. Such penetration underscores a critical need to adopt a new approach to IT security: Trust but verify.
This isn’t just about pointing fingers. It’s about recognizing that our society has entered a new age where a healthy mistrust of all partners and suppliers has or will soon become the norm. Just because a vendor believes they are secure, doesn’t mean it’s true.
In 2023, one of KTI’s closest allies was hacked. Their business networks were locked down as tight as a drum with everyone trained and fully aware of online threats, when their accounting firm was penetrated. Months earlier, their accounting firm’s CTO had distributed a rigid new data security policy. Yet, the hackers used a senior accountant’s credentials to access their payment processor whereupon they pilfered more than $20,000 CAN. Lesson learned. We helped them get sorted, rebuilding their IT infrastructure for improved resilience. But more importantly, we help victims become vigilantes. They now routinely verify all their partners’ security claims, asking for proofs, or seeking 3rd party validations; they’ll check credentials, and even perform their own ethical hacking to test responses.
School boards have to do the same thing. They need to schedule regular IT security consulting and accurately assess the security measures put in place by their partners and suppliers, in addition to their own internal systems and devices.
