Follett Recommendations for Minimizing Cyber Threats to Local K-12 School Servers

As a leader in preK-12 education technology tools and applications, Follett is constantly monitoring for potential security threats and providing enhancements as needed to protect all of our products and customers data.

In July 2018 Follett released Destiny 16.0, which updated the underlying architecture of our Destiny applications to more modern versions of Java technology.  Follett strongly encourages all locally-installed customers to update to Destiny version 16.0, and to take the proper precautions to minimize potential threats to local server environments.

Follett strongly encourages its customers to apply the latest auto-update for their Destiny version or upgrade to Destiny version 15.0, and to take the proper precautions to minimize potential threats to local server environments.

Specifically, customers running Destiny on local servers should take the following steps:

  1. Update to Destiny 16.0. If you are running on Destiny 12.0 - Destiny 15.5, you can update your system to Destiny 16.0 with one easy update. If you are running a version earlier than Destiny 12.0, you will need to install the required updates to get to Destiny 12.0 before updating to Destiny 16.0. Additional information is available here.

  2. Ensure that the Follett Security Practices were followed to setup Destiny on local servers. The document also includes industry best practices for ensuring server security.

  3. Consider transitioning from locally hosted servers to the cloud. Destiny Cloud ensures access to the latest software releases in a secure environment, eliminating the need for onsite security monitoring and management. Contact your Follett team.

Follett’s Support team is available to provide help and assistance at 877.899.8550, Option 3. For server security concerns outside of the scope of the Destiny application, schools can contact the Multi-State Information Sharing and Analysis Center (MS-ISAC) for information and support.

Note:  In April 2016, Follett identified a potential vulnerability in the underlying architecture of Destiny applications installed on local school servers, and in May 2016 provided a patch to eliminate the vulnerability. At that time Follett provided patches for Destiny versions 9.0 – 13.5.  One of the world’s leading cybersecurity companies has validated the effectiveness of the patch in closing the vulnerability.  All subsequent releases (Destiny 14.0 – 16.0) contain the security patches or technology upgrades that make those patches unnecessary.