Hosts discuss vulnerabilities in Citrix, Google Chrome, and Sonicwall, as well as a proposed bill for AI education in K-12 districts. They address the dangers of shadow IT and dive into the recent Raptor Technologies data breach. Additionally, they talk about data storage and security in education, emphasizing the importance of protecting sensitive information and simplifying solutions.
The recent Raptor breach highlights the importance of evaluating data storage practices in the education sector and considering alternative methods, like simple notations or checkmarks, to reduce the risk of data breaches.
The breaches at Raptor and 23andMe emphasize the need for educational institutions and private companies to reassess their data storage practices, prioritizing secure storage and implementing proper protocols to mitigate the risk of unauthorized access and breaches.
Deep dives
Raptor breach exposes sensitive student information
The recent Raptor breach has led to the exposure of sensitive student information, including divorce settlement records, threat assessments, and reports of student behavior. The breach occurred due to the discovery of a public repository of files belonging to Raptor, a physical security company that provides visitor management and other related technologies for schools. While Raptor is receiving criticism for the breach, it should also question why schools are storing such sensitive data in the first place. There needs to be a careful assessment of what information is necessary to store and why, and consideration of alternative methods, such as simple notations or checkmarks in student records, rather than storing entire documents. This incident highlights the importance of evaluating data storage practices in the education sector.
Password stuffing breach in 23andMe
Another recent breach occurred at 23andMe, a DNA testing company, resulting from a password stuffing attack. This involved an unauthorized individual attempting various known credentials to gain access to user accounts. While the company faced criticism for users utilizing the same passwords for multiple websites, it also raises questions about the retention of certain documents by school districts. It is crucial to reassess data storage practices in the education sector and question the necessity of hoarding documents that could be replaced by simple notations or checkmarks in student records. The responsibility falls on both schools and private companies to prioritize secure data storage and ensure proper protocols are in place.
Lessons learned from Raptor and 23andMe breaches
The recent breaches at Raptor and 23andMe underscore the need for educational institutions and private companies to reevaluate their data storage practices. Storing sensitive information, such as divorce settlement records and threat assessments, poses unnecessary risks and vulnerabilities. Schools should consider alternative methods for storing data, such as simple notations or checkmarks in student records, rather than keeping entire documents. It is also essential for private companies to prioritize secure data storage and regularly update their security protocols to mitigate the risk of breaches. These incidents serve as valuable lessons and reminders for all organizations to prioritize data security.
Importance of assessing data storage practices
The recent breaches at Raptor and 23andMe highlight the need for educational institutions and private companies to assess their data storage practices. Storing sensitive information should be carefully evaluated to determine if it is necessary and if there are alternative ways to store relevant data. The focus should be on securing the essential information such as custody arrangements or student allergies rather than retaining entire documents. By reassessing data storage practices, organizations can reduce vulnerabilities and protect sensitive information from potential breaches.
In this episode, hosts Josh, Chris, and Mark discuss recent exploited vulnerabilities with Citrix, Google Chrome, and Sonicwall. They also delve into a proposed bill in the Federal government that could fund AI education in K-12 districts. They discuss a Reddit post about the dangers of shadow IT. The main topic of conversation revolves around the recent Raptor Technologies data breach and the role of school districts in reducing the risk of data breaches.
