Wayland Public School Laptops and Computers -- Major Security Problems

Did you hear that hackers repeatedly breached the Wayland Treasurer's Office in January of 2015, and almost stole over $1 million of our money? The same problem continues with Wayland Public Schools computers used by teachers and staff, and hundreds of Mac laptops used by high school students.

Following the breaches in 2015, Wayland (taxpayers) paid over $100,000 to hire McGladrey, an IT consulting firm, to assess deficiencies. One of their "high priority" recommendations: install a modern "patch management" system, to ensure that all Wayland Town and School computers are quickly updated with the latest security patches. (Missing patches were a proximate cause of the breaches in 2015.)

Wayland Town management followed McGladrey's recommendations. Wayland Public Schools did not. The result? Over 1,000 computers used by WPS students, teachers and staff are not being promptly updated. The risk? Wayland Public Schools holds a vast amount of our confidential data, far more than the Town network. This includes identity information for you and your children, confidential medical, mental and behavioral data, etc.-- for thousands of current and former Wayland children and their families.

Your risk is personal and financial. If hackers break into the WPS network just like they broke into the Wayland Treasurer's office, your family's data could be stolen and sold. This damage could not be repaired. On the financial side, liability risk to Wayland taxpayers would easily exceed $1 million according to industry studies. Who would pay? Wayland taxpayers. (Wayland does not have insurance to cover data breaches.)

The need to quickly patch security flaws is "IT 101". Industry leaders agree, including Apple, Microsoft and the Department of Homeland Security. The standard: a couple of days at most, to run some tests. Wayland Public Schools? Weeks and months of delay. Again and again.

I repeatedly warned Wayland management about these problems in 2012, 2013 and 2014. Nothing was done. Then hackers attacked in January of 2015. After the same problems recurred in 2016 and 2017, I notified Superintendent Stein, Nan Balmer and the Wayland School Committee. Result? The problems continue. The patch management system recommended by McGladrey in 2015 has still not been installed. A screenshot from a WPS Mac is attached -- showing the latest batch of missing updates. (The 'GarageBand' vulnerability / patch is particularly bad.)

What can you do? Contact Superintendent Stein, the Wayland School Committee,
Nan Balmer {Town Administrator) and the Wayland Board of Selectmen. Let them know that you are concerned. Ask them to take effective action to finally fix this basic problem.

Let me know if you have any questions: MarkAllenHays@Gmail.com

Mark
Name:  WPS screen shot - 2017-03-06.jpg
Views: 97
Size:  66.4 KB