Ever wonder what kinds of things happen when good-intentioned people try to manage cybersecurity? Well, in this case, a High School in Illinois responded to a system error by resetting every student’s password and then communicating it to all the parents. But instead of creating a unique password for each student, they decided the most efficient path would be to change everyone’s password to “Ch@ngeme!”.
Chaos ensued, as students were able to then access any other student's files, school emails, papers, and assignments. It exposed every student’s account to being hacked!
It was likely an honest mistake, rooted in naivete, but it is obvious that a cybersecurity professional was not part of this decision tree. It took a day after parents complained, and unique passwords will be issued, but the damage may already be done.
It does not matter if you are a top-tier critical infrastructure organization, a rural High School system, or a small-to-medium business, be sure to have cybersecurity professionals available when issues of access, security, privacy, or safety are involved.
File this incident under “that is not the way it is supposed to work”!