1 minute read
State finds fault with Sewanhaka schools’ computerized systems
Comptroller’s audit says district’s operations, financial, personal data are vulnerable
By NIColE WagNER nwagner@liherald.com
A state audit of the Sewanhaka Central High School District’s computer systems found that the district lacked a written contingency plan that would allow it to recover from malicious acts such as a ransomware attack.
The key findings of the state comptroller’s audit, released on June 30, concluded that Sewanhaka did not have a written contingency plan for its information technology, or IT, systems, placing the district’s computerized data at risk in the event of a disruption or disas- ter.
The audit, conducted between July 21, 2021, and Dec. 7, 2022, identified areas of risk, including personal, private and sensitive information, as well as financial and business office data.
The audit described an IT contingency plan as “a school district’s recovery strategy, composed of the procedures and technical measures that help enable the recovery of business office operations after an unexpected IT disruption or disaster.”
Ransomware attacks were highlighted in the audit as an “increasingly sophisticated threat.” Ransomware is described as a type of malicious software, or malware, that threatens to publish or block access to data or a computer system until a ransom is paid.
In the event of an attack, the audit noted, the Sewanhaka district has insufficient guidance to react and resume operations rapidly, which could render the school district unable to perform business office operations, such as the ability to process checks to pay vendors or employees.
An outdated October 2009 written disaster recovery plan for the school district failed to address the range of threats to its current IT systems, according to the state audit.
At the time of the audit, the district had already taken steps to ensure data continuity within its current computerized operations in the event of disruption, according to Brian Messinger, the district’s director of classroom instructional technology and student achievement. However, he acknowledged these steps were not centralized in a single IT contingency plan.
The district received the findings of the audit on June 5, and Board of Education President Michael Jaime responded in a letter to the state comptroller on June 20. In the letter,
