Follett Recommendations for Minimizing Cyber Threats to Local K-12 School Servers

As a leader in preK-12 education technology tools and applications, Follett teams are constantly monitoring for potential security threats and providing enhancements as needed to protect all of the business’s applications.

In April 2016, Follett identified a potential vulnerability in the underlying architecture of Destiny applications installed on local school servers, and in May 2016 provided a patch to eliminate the vulnerability. One of the world’s leading cybersecurity companies has validated the effectiveness of the patch in closing the vulnerability. To date, nearly 80% of the customer locally-installed Destiny application servers have been updated. However, a number of customers continue to operate without the protection of this critical patch.

Follett strongly encourages its customers to apply the latest auto-update for their Destiny version or upgrade to Destiny version 14.5, and to take the proper precautions to minimize potential threats to local server environments.

Specifically, customers running Destiny on local servers should take the following steps:

  1. Install Destiny Security Patch 2 for your current version of Destiny, or upgrade to Destiny 14.5. All available Destiny auto-update releases must be accepted first.

  2. Ensure that the Follett Security Practices were followed to setup Destiny on local servers. The document also includes industry best practices for ensuring server security.

  3. Consider transitioning from locally hosted servers to the cloud. Destiny is part of Follett’s Hosted Services, which ensures access to the latest software releases in a secure environment, eliminating the need for onsite security monitoring and management. Contact your Follett team.

Follett’s Support team is available to provide help and assistance at 877.899.8550, Option 3. For server security concerns outside of the scope of the Destiny application, schools can contact the Multi-State Information Sharing and Analysis Center (MS-ISAC) for information and support.