Superintendent Carrie Ballinger told the Rockcastle County Board of Education Thursday that the district maintains multiple defenses against data breaches and had recently stopped an attempted payroll fraud.

Ballinger listed current measures in place: a $2 million cyber-insurance policy, two-factor authentication on Microsoft and Google accounts, weekly network vulnerability scans conducted by CISA, a 15-character password requirement for staff accounts and data-loss prevention that blocks Social Security numbers in outgoing email.

She described a recent scam in which someone submitted a fraudulent payroll form with an invalid account and routing number and an employee’s name; district staff detected and stopped the request before any payment was made. Ballinger said the incident shows the “real” nature of current threats and emphasized ongoing staff training.

The board reviewed and approved the district’s annual data-security breach notification best-practice guide. Ballinger also previewed a state-managed identity-management rollout that will scan password hashes against dark-web breaches, and a planned network upgrade on Sept. 8 that the district said will add Wi-Fi 6 and expand backbone capacity from 10 gigabits to 25 gigabits, with Juniper selected as the vendor.

Ballinger emphasized that users remain the district’s primary vulnerability — staff must continue vigilance against phishing by email and text messages.

Ending: The board approved the best-practice guide; Ballinger asked staff and trustees to maintain vigilance as the district implements the identity-management and network upgrades.