Local principal hacked; tips for preventing cybersecurity incidents

After a local principal’s social media account was compromised this week, he sent out an email to school staff warning them not to open any Facebook messages from his account.

Carroll Williams, principal of Cape Christian Community School in Cape Girardeau, said his sister first alerted him to some unusual activity on his Facebook profile.

“I learned of the hacking when my sister let me know that there were some pictures attributed to me on Facebook that I knew nothing about,” Williams wrote.

In a Thursday email to the Southeast Missourian, Williams wrote he created the Facebook account only to inform the community of CCCS events and share other school-related information.

“I’m not big on using social media in any fashion,” Williams wrote. “This use of Facebook was my only social media use.”

After the breach, Williams said he “eliminated” the Facebook application from his phone.

Protecting yourself

Facebook has tips for users who fear they may have been compromised. The Facebook Help Center suggests several steps to keep an account secure, including protecting passwords, never sharing login information, logging out of Facebook on shared computers, declining friend requests from strangers and avoiding links that seem suspicious, even when they come from someone the user knows.

While Facebook has seen breaches among its users, cybersecurity incidents happen across many platforms.

There are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day, according to Melanie Maynes of Microsoft security. Maynes authored an Aug. 20 article titled, “One simple action you can take to prevent 99.9 percent of attacks on your accounts,” in which she tells readers many such attacks are successful without the use of advanced technology.

“All it takes is one compromised credential or one legacy application to cause a data breach,” Maynes wrote.

One of the common vulnerabilities Maynes highlights is the recycling of passwords or other login information attackers may use to gain access to multiple accounts.

The Department of Homeland Security has a few tips for creating a strong password. Such tips include making a password eight characters or longer with a combination of letters, numbers and symbols; avoiding “easy to guess” passwords using names of family members or pets; substituting numbers in place of letters; and incorporating phonetic replacements.

Mike Klepper, of AT&T cybersecurity consulting, suggested a few technical controls to mitigate the risk of a cybersecurity incident in a Sept. 16 article titled, “Hacker prevention: tips to reduce your attack surface.” One such practice individuals or businesses can implement Klepper says will reduce the risk of cyber threats “more than any other single task” is staying on top of patching, system and application updates, user administration and configuration management.

He also suggested reinforcing email security and implementing a multi-step authentication protocol.

“Cybersecurity has always been something of a race between attackers and the defenders,” Klepper wrote. “ ... Every organization, regardless of size, faces difficult choices about where to allocate their limited resources; and you can never eliminate the risk of a cybersecurity incident entirely.”

While he is admittedly “not very tech savvy,” Williams said there are a few everyday security protocols he plans to follow.

“In my opinion, I simply would and will be, highly selective about using personal information on any site,” Williams wrote. “ ... That is why I don’t answer calls from numbers I do not either recognize or have in my contacts.”

The National Cyber Security Alliance website offers extensive information on what to do if a user believes they have been hacked, including links to several platform-specific resources.

For more information on what to do in the event of a security breach or compromised social media account, visit the NCSA website at www.staysafeonline.org/stay-safe-online.