The Education Sector Is Under Attack
Every IT employee in the education sector is likely aware of the ransomware plague that has visited their colleagues in healthcare the last few years. Healthcare offers hackers rich pickings of personal and financial information—but so does the education sector, where there is the added bonus of valuable research and other types of information unique to the sector.
Recently, security firm BitSight reported that education, not healthcare, is in fact the most attacked industry. It found that 13% of educational organizations had been hacked—three times more than the rate of ransomware in healthcare and more than 10 times the rate in the financial sector.
This contradicts findings from earlier in the year by Osterman Research, which found far higher ransomware penetration rates in healthcare.
While first place might be in dispute, no one disputes that ransomware is now a growing and expensive problem. Being in third place or even ninth place will be no consolation when the hackers strike. That’s especially true if you could have taken some simple precautions to stop the attack or limit the damage.
The Education Sector’s Special Problems With Ransomware
It’s difficult for K–12 schools to fend off attacks with small budgets and IT teams. And universities are environments where file sharing is an extreme sport, making ransomware a huge challenge for IT departments.
The hackers are after medical records, information they can use for identity theft, financial information, and research data. And many institutions are paying the ransoms, which won’t help the problem go away.
Protection Is Much Cheaper Than Reaction
There are some simple things that you can do to shore up the defenses without incurring significant cost.
- Establish email security protocols—Email is where the attackers are most likely to get into your system, so take the chance to kill off as many prospective attacks as possible by just not letting the infected files through.
- Avoid file sharing—Ditto.
- Keep software up to date—Unpatched software is another way in, so shut it down.
- Improve network hygiene by upgrading aging infrastructure to reduce your vulnerabilities.
- Have a diversified backup strategy—Use both physical and cloud backups.
- Segment the Wi-Fi—If possible, segment your Wi-Fi to keep staff, students, and guests on different networks.
- Educate employees—Most hackers get in through email phishing attacks. Employees need to know what good security looks like and where the dangers are coming from.
- Show file extensions—It’s harder to disguise an .exe file as a .jpg when the user can see the full extension and you’ve trained them to know the difference.
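The email and file-extension advice above can also be enforced at the mail gateway rather than left to the user's eye. The sketch below is an added example, not part of the original article: it flags attachments whose real extension is executable but whose name is dressed up to look like a picture or document. The extension lists, function names, and sample message are assumptions made for illustration.

```python
import os
from email import message_from_string

# Assumed policy lists for this example; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")

def classify_filename(name):
    """Return 'masquerade', 'executable' or 'ok' for an attachment name."""
    if any(ch in BIDI_CONTROLS for ch in name):
        return "masquerade"
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    stem, ext = os.path.splitext(name.rstrip(". ").lower())
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # Padding spaces can push the real extension out of view.
    inner = os.path.splitext(stem.rstrip())[1]
    return "masquerade" if inner in DECOY_EXTS else "executable"

def scan_message(raw):
    """List (filename, verdict) for every named attachment in a raw message."""
    msg = message_from_string(raw)
    return [(part.get_filename(), classify_filename(part.get_filename()))
            for part in msg.walk() if part.get_filename()]

# Constructed sample message (not real traffic).
SAMPLE = """\
Subject: Field trip photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="class_photo.jpg"

AAAA
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="permission_slip.jpg.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {filename}")
```

A name-based check like this complements, and does not replace, content scanning, since it only looks at what the attachment is called.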