MENU
SEARCHAn NSTA flash webinar, featuring representatives from Tyler Tech and ByteCurve, explored the threats posed by cybercriminals and methods for battling their attacks.
How is your school bus operation set when it comes to planning for battling and recovering from cyber attacks?
Image: Canva/NSTA
Everyone can agree it’s critical for school bus operations to develop, test, and repeatedly practice vehicle evacuation plans. But how seriously do fleet managers take threats posed by cybervillains?
During a flash webinar hosted by the National School Transportation Association (NSTA), industry engagement consultant Kim Martin of Tyler Technologies shared:
Only 24% of organizations invest in cyberattack detection and prevention.
56% don’t have a cyberincident plan.
Of the 32% with a plan, 44% aren’t confident in the plan’s effectiveness.
By 2025, she said, it’s expected that cybersecurity spending will reach $1.75 trillion and that damages from cyberattacks could top $10.5 trillion.
Investing in classrooms and transportation fleet operations is important, she said, but so is making a serious investment in defending sensitive data about students and contractor payrolls.
“This is a real thing and it’s important to start paying attention,” Martin said. “If you own and operate a business, you need to stay on top of these things.”
Targeted data might include:
Student routing information.
Accounting and payroll.
Operations software.
Maintenance software.
Dan Kobussen, president-elect of NSTA and owner of Kobussen Buses in Wisconsin, shared his company’s experience with cyber criminals. A staffer opened an email attachment that compromised their mailbox and led to repeated attempts to break into the company’s data.
What improvements did Kobussen implement?
Added two-factor authentication.
Cleaned up unnecessary past student or employee files.
Reviewed privacy laws.
Moved as much data as possible off local servers to the cloud.
“Limit access to local servers,” Kobussen said. “They’re the weakest link. Like shooting fish in a barrel. The easiest thing to break. In the cloud, it’s more secure. Not perfect, nothing’s perfect, but a little more secure than having the server yourself.”
Sam Hamilton, a cybersecurity specialist with Tyler Technologies, explained that it’s vital for operations to develop and practice plans for protecting and, if necessary, recovering from cyberattacks and data breaches.
Types of attacks include:
Phishing.
Ransomware.
Data breach.
Distributed denial-of-service (DDoS).
Malware.
Ransomware is particularly malicious in the K-12 education space, Hamilton said, because it can lead to data breaches where the criminals try to extort money while threatening to release student information to the public.
“It’s really complicated because you may be looking to get out in the easiest way, but you don’t have the power once they have that lever,” he said.
And there’s certainly no incentive for them to stop making threats and demanding money in the future if they get ransom the first time.
GP Singh, founder and CEO of ByteCurve, urged webinar participants not to be overwhelmed or scared by the thought of cybersecurity planning.
“There are some simple and specific steps that can be taken as early as tomorrow,” he said.
Think before you click email links or open attachments.
Keep computer systems patched and antivirus software updated.
Have a strong password policy, with mandatory resets every 90-180 days.
Control access and perform regular audits, eliminating accounts for ex-employees.
Use firewalls.
Forbid unauthorized application downloads and installations.
Back up data, because it’s not a matter of if a company may be attacked, it’s a matter of when.
Singh also recommended penetration testing – enlisting experienced hackers to test your security and recommend fixes. Then the company should formulate and regularly update a cyber breach recovery plan for how to communicate to employees, customers, and external agencies; how to keep the business going if payroll or routing systems are down.
“Having to think about that and document that can go a long way,” he said.
Martin, a former bus driver herself, expressed confidence in school bus contractors when it comes to such planning, given their responsibilities for managing routes, keeping children safe, and handling maintenance.
“What better people to be prepared?” she said.
See how Thomas Gray brings Marine Corps discipline and logistics expertise to Dayton Public Schools in this article celebrating National Military Appreciation Month.
Read More →
With diesel prices up 46%, new Geotab analysis points to tools that help fleets reduce idling, detect fuel anomalies, and recover hidden fuel costs across operations.
Read More →
Driver shortages, safety expectations, and staffing limits define student transportation in 2026. New survey data shows how fleet leaders are responding.
Read More →
The Bytecurve and busHive parent company has multiple new faces on its executive team as the company focuses on AI platform growth.
Read More →
Available on desktop or mobile, the digital ecosystem brings fleet monitoring, service management, vehicle insights, and dealer communication into a single interface.
Read More →
See which users in Illinois, New York, Ohio, and Pennsylvania are adopting Transfinder’s routing, tracking, and parent apps.
Read More →
The new radio combines durability, push-to-talk, and FirstNet connectivity, offering a cost-effective communication solution for fleets.
Read More →
EverDriven marks 18 years and 17 million miles in the Evergreen state while new data shows 8 in 10 caregivers would recommend its student transportation solution.
Read More →
New funding and national research highlight student transportation challenges as Zum looks to scale its Connected Mobility Experience platform nationwide.
Read More →
The certification validates expertise in complex vehicle technology installations, making it the first fleet video solutions provider to achieve the milestone.
Read More →
