Ransomware

How Ransomware Is Invading Schools


The Education Sector Is Under Attack


Every IT employee in the education sector is likely aware of the ransomware plague that has visited their colleagues in healthcare over the last few years. Healthcare offers hackers rich pickings of personal and financial information—but so does the education sector, where there is the added bonus of valuable research and other types of information unique to the sector.

Recently, security firm BitSight reported that education, not healthcare, is in fact the most attacked industry. It found that 13% of educational organizations had been hacked—three times more than the rate of ransomware in healthcare and more than 10 times the rate in the financial sector.

This is contrary to the findings earlier in the year from Osterman Research, which found far higher ransomware penetration rates in healthcare.

While first place might be in dispute, no one is arguing that ransomware is now a growing and expensive problem. Being in third place or even ninth place will be no consolation when the hackers strike. That’s especially true if you could have taken some simple precautions to stop the attack or limit the damage.

The Education Sector’s Special Problems With Ransomware

It’s difficult for K–12 schools to fend off attacks with small budgets and IT teams. And universities are environments where file sharing is an extreme sport, making ransomware a huge challenge for IT departments.

The hackers are after medical records, information they can use for identity theft, financial information, and research data. And many institutions are paying the ransoms, which won’t help the problem go away.

"Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact."
— James Scott, Institute for Critical Infrastructure Technology

Protection Is Much Cheaper Than Reaction

There are some simple things that you can do to shore up the defenses without incurring significant cost.

  1. Establish email security protocols—Email is where the attackers are most likely to get into your system, so take the chance to kill off as many prospective attacks as possible by just not letting the infected files through.
  2. Avoid file sharing—Shared files are another route by which infected files get into your system.
  3. Keep software up to date—Unpatched software is another way in, so shut it down.
  4. Improve network hygiene by upgrading aging infrastructure to reduce your vulnerabilities.
  5. Have a diversified backup strategy—Use physical and cloud backups.
  6. Segment the Wi-Fi—If possible, segment your Wi-Fi to keep staff, students, and guests on different networks.
  7. Educate employees—Most hackers get in through email phishing attacks. Employees need to know what good security looks like and where the dangers are coming from.
  8. Show file extensions—It’s harder to hide an exe file as a jpg when the user can see the full extension and you’ve trained them to know the difference.
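
The check behind items 1 and 8, as an added example that is not part of the original article: a mail-filter style function that flags attachments whose name or content disguises an executable as a document. The extension sets and sample attachments are constructed for illustration and are not exhaustive.

```python
# Added example: flag attachments that disguise an executable as a document.
# Extension sets and sample data below are constructed and not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "hta"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt"}


def extensions(filename):
    """All dot-separated suffixes, lower-cased: 'a.JPG.exe' -> ['jpg', 'exe']."""
    parts = filename.strip().lower().split(".")
    return [p.strip() for p in parts[1:] if p.strip()]


def check_attachment(filename, content):
    """Return the reasons to quarantine; an empty list means no finding."""
    findings = []
    exts = extensions(filename)
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            # With extensions hidden, Explorer would show only "name.jpg".
            findings.append(f"double extension: decoy .{exts[-2]} before real .{final}")
        else:
            findings.append(f"executable extension: .{final}")
    # Windows PE executables start with the bytes "MZ", whatever the name says.
    if content[:2] == b"MZ" and final not in EXECUTABLE_EXTS:
        findings.append(f"content is a Windows executable but name ends in .{final}")
    return findings


# Constructed samples: (filename, first bytes of the attachment).
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 16
PE_HEAD = b"MZ\x90\x00" + b"\x00" * 16
SAMPLES = [
    ("class_photo.jpg", JPEG_HEAD),
    ("class_photo.jpg.exe", PE_HEAD),
    ("timetable.pdf", PE_HEAD),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        reasons = check_attachment(name, head)
        print(name, "->", "; ".join(reasons) if reasons else "ok")
```

The content check catches the case that visible extensions alone cannot: a file whose name really does end in .pdf or .jpg but whose bytes are a Windows executable.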


6 Steps To Secure Your School's IT Network


Your School's IT Network is a Gold Mine for Hackers


The Open Security Foundation reports that 15% of all data breaches take place at educational institutions. When such attacks are successful, the consequences can be severe. Given the regularity of attacks on educational networks—and the harm they can cause when they’re successful—it’s vital that you make sure yours is as secure as possible. Here are five things you can do to make sure your school’s network is secure.

1. Use multiple defenses.

The key to a secure network is a comprehensive approach that takes into account all possible points of entry. It’s not enough to have one anti-virus program, or to encrypt only some sensitive information. Combining multiple security measures will provide the best possible defense for your valuable data.

2. Update. Update again. Then check for new updates.

According to a report by Symantec and Verizon, nearly one million online bugs are introduced per day. It's little wonder then that anti-virus programs require frequent updates to remain effective. Neglecting these updates increases your vulnerability to costly and time-consuming infections. Current Technologies recommends automating them whenever possible. You must also take care to download security patches for your browsers and operating systems as they become available.

3. Control network access.

Using network administration software, you can restrict user access to information. Apply "the principle of least privilege" and ensure users can only access the information they need. This will allow you to reduce access to sensitive information while ensuring that everybody can still do their job.  

4. Back up everything.

It’s inevitable that you’ll hear stories of students at your school losing nearly finished assignments because of a power outage or a flash flood. Don’t make the same mistake—back up everything you can, preferably in a secure, off-site location. That way, in the event of a security breach (or a natural disaster), you don’t have to worry about extensive data loss.

5. Encrypt sensitive information and use strong passwords.

Finally, it’s prudent to encrypt sensitive information whenever it’s not being used. In the unfortunate event that your school falls prey to a successful cyberattack, you’ll at least have the consolation of knowing that your files were useless to the perpetrators.

The maintenance of a secure school IT network requires you to ensure that it’s kept up-to-date and that the people managing it are following best-practice security protocols.

6. Password Management

In April this year, hackers were able to infiltrate the network of a New Jersey school, steal critical network files, and demand $125,000 for their release, all because of a single weak password.

So make sure that your school’s network administrators are using unique passwords or a suitable password manager app. You can also consider implementing multi-factor authentication (MFA), which requires both a password and a second authorization code—sometimes a secret question, sometimes a code sent to a registered mobile phone.
