The Houston County Board of Education took a step toward protecting potentially sensitive data by passing a two-year $309,400 cyber security contract on Monday.
The board has been deliberating the deal with ControlAltProtect, a Birmingham forensic cyber security firm, since the initial presentation in early September in the wake of the July 25 malware attack that downed system servers and delayed the start of school.
“We needed to get something in place,” Superintendent David Sewell said. “There have been a lot of malware attacks on other entities, and just because we weathered the storm with the first one and we’ve moved on, doesn’t mean we will not have another one soon.”
The two-phase, post-breach response system will provide the school system with 24/7 monitoring, weekday alert monitoring and consulting for its network and 4,000 devices for a $12,800 monthly rate.
“This will not guarantee in any way that we will not have (another) one, but we’re doing our best to protect out students’ and our staff’s information,” Sewell said.
Several Alabama school systems are turning to cyber security services as hackers attack and cripple school systems, hospitals, dispatch centers and other entities across the country.
“We’re losing the cyber war and Southern schools are a target because they know our systems aren’t up-to-date,” Brent Panell, CEO and co-founder for ControlAltProtect, said during his initial presentation. “It is the current state of culture. Schools are a major target.”
Board members, understanding the cost of the service, earlier asked their attorney to review the contract.
Board members Marty Collins and David Hollinger were absent from Monday’s meeting, but the motion passed 3 to 1.
Chairman Vince Wade, who voted against the motion, expressed dissatisfaction with the item appearing on the agenda merely an hour and a half before the meeting was held. He declined to comment his reason for disapproval.
According to information from Technology Director Bob Blalock and Kerry Bedsole, costs are still mounting but the malware attack has caused direct and indirect damages of over $85,000.
At Monday’s board meeting, the board also approved over $10,000 of school lunch debt for the months of August and September to be absorbed by the system’s general fund. The deficit was caused by inaccurate accounting during a time the lunchroom’s accounting software was rendered non-operational due to the server hack.