Mr. Britto Talks Cybersecurity at Lakeside

At Lakeside, hundreds of students and faculty use computers for school each day, storing immense amounts of data online. Naturally, it’s necessary to protect that data from various cyber threats — encompassing ransomware, data theft, and private tracking, to name a few. All of these threats have a profound impact on today’s hyperconnected world, but their existence also impacts Lakeside, even if indirectly.

According to Mr. Britto, Lakeside’s director of technology, Lakeside is most affected by cyber threats by having to pay for cybersecurity insurance. And in recent years, the effort and money invested in this insurance has increased. Rates have gone up 98% in the past year, and Mr. Britto estimates that his office spent 30-40 hours last year applying for insurance compared to only five hours the year before that.

The insurance application has become increasingly intensive because insurers seek to limit coverage to organizations that are already taking precautions. Applicants for insurance have to prove their efforts to protect themselves from cyber crime or else face limited coverage that doesn’t cover all of the possible risks.

Rates have gone up 98% in the past year, and Mr. Britto estimates that his office spent 30-40 hours last year applying for insurance compared to only five hours the year before that.

While the growing intensity of the insurance application is a headache, it may also lead to positive change. Mr. Britto harkens back to the 1900s, when fire insurance companies began to limit coverage to buildings with fire alarms and sprinklers, thus promoting their adoption. “Cyber insurance is kind of at that stage now. The costs are really high, and so people have to figure out what it is that we need to do.” The tight restrictions that applicants need to follow to get insured will eventually lead to wider adoption of good security practices.

Lakeside fortunately has the resources to get cyber insurance, but it still creates a notable opportunity cost. That is, there will be some things that Lakeside won’t be able to do because of the time and money required to get cyber insurance, which is a priority for the business office. This year, Lakeside hired an outside company to audit their cybersecurity practices and help them fill out the application, hoping to free up some time. Mr. Britto says that Lakeside’s goal is to “get the coverage we need at the lowest cost and spending the least amount of time on it.” 

One security measure the school has implemented recently is two-factor authentication for all faculty. Lakeside is also proactive about ransomware, backing up its data daily in three different locations, and has additional data “air gapped.” This data — stored on a physical object like a CD or hard drive — is inaccessible to cyber criminals no matter how long they poke around in the computer system.

In the wider world, cyber crime has widespread and often terrifying implications. For example, an Israeli company designed iPhone-infecting software that’s being used to track journalists and human rights advocates. A dam in New York was hacked from Iran, and they could have opened it if it hadn’t been disconnected from the computer for maintenance. The government of North Korea has weathered sanctions by earning an estimated $4 billion through ransomware attacks. In a different kind of cyber threat, social media platforms have also become plagued with disinformation from bots.

The prevalence of cyber crime can be traced back to the fundamental design of the internet, says Mr. Britto, as it prioritizes convenience and open connection instead of security. “Your IP address allows you to get information from many different sources. It was made so that everyone could connect, and it really prioritized speed…and not someone deciding ‘you can see this content or you can’t.’”

To deal with the issue of cyber crime, Mr. Britto thinks everyone will have to accept a little less of this convenience. He recommends paying attention to the permissions and privacy settings on phones — for example, he disabled Google Maps’ permission to have his location even when he wasn’t using the app. Next, he suggests turning on multi-factor authentication features (where a user is sent a text message with a code after entering their password). 

His advice comes down to being intentional when interacting with the internet. Each person can do something on a device level to minimize the risk of being a victim of cyber crime, but he acknowledges that large-scale systemic change would be needed to address this problem. Looking forward, he says “maybe folks here will, one, protect themselves and be less influenced and, two, they’ll start helping to influence those systems as they leave Lakeside.”