How to Protect Your District Against the Log4j Cyber Attack

Security lock

TASB has been alerted to a new cybersecurity vulnerability that could impact your software products and operating systems. Learn about the threat and how to protect your organization.

What's happening?

IT professionals discovered a security vulnerability in a common logging utility named Log4j used in hundreds of millions of systems in organizations worldwide, including public schools. Logging utilities monitor software and operating systems to create log files that organizations can use to investigate errors or malfunctions.

The Log4j vulnerability allows cybercriminals to easily hijack the logging utility and remotely run commands or code on a target machine or against a target process.

The US Cybersecurity & Infrastructure Agency (CISA) is urging all organizations to assess their exposure — directly and via their vendor relationships — and take steps to mitigate the vulnerability.

What should you do?

  • Share this article with your information technology (IT) team.
  • Review this list and see if you’re using any impacted software or operating systems.
  • Patch and update to the latest version of Log4j.
  • Contact key software vendors to ensure they're taking necessary precautions.

The K12 Security Information Exchange (K12 SIX), national non-profit organization dedicated to analyzing and sharing information on emerging cybersecurity threats, has designed a Google Sheet to crowdsource the Log4j vulnerability status of commonly used K12 software both in the classroom and for operations and administration. 

K12 SIX says their aim is to reduce the burden on district IT staff with by crowdsourcing information so IT can more efficiently prioritize their response and mitigation efforts.

Log4j Vulnerablity Crowdsource Google Sheet

The resource includes more information about the Log4j vulnerability, more links to credible resources, and instructions on how district IT staff can contribute to the growing body of Log4j vulnerability information.

What is TASB doing?

We’re taking steps to help keep you safe and protected and make sure the TASB services and applications you use remain secure and operational. Our IT team is working through a comprehensive assessment to identify and address any affected programs. At this time, we have not discovered any external vulnerabilities.

Additional resources for more information

TASB is committed to the security of our systems, and we will continue to monitor for any potential risks. In the meantime, if you have questions regarding our response to this issue, please contact us at security@tasb.org.

Have you suffered a cyberattack?

If your organization is a Fund member with Privacy and Information Security coverage and you believe you've suffered a cyberattack, report a claim as soon as possible.

Report a Claim