cybersecurity

How Ransomware Is Invading Schools

business-businessmen-classroom-267507.jpg

The Education Sector Is Under Attack


Every IT employee in the education sector is likely aware of the ransomware plague that has visited their colleagues in healthcare the last few years. Healthcare offers hackers rich pickings of personal and financial information—but so does the education sector, where there is the added bonus of valuable research and other types of information unique to the sector.

Recently, security firm BitSight reported that education, not healthcare, is in fact the most attacked industry. It found that 13% of educational organizations had been hacked—three times more than the rate of ransomware in healthcare and more than 10 times the rate in the financial sector.

This is contrary to the findings earlier in the year from Osterman Research which found far higher ransomware penetration rates in healthcare.

While first place might be in dispute, no one is arguing that ransomware is now a growing and expensive problem. Being in third place or even ninth place will be no consolation when the hackers strike. That’s especially true if you could have taken some simple precautions to stop the attack or limit the damage.

The Education Sector’s Special Problems With Ransomware

It’s difficult for K–12 schools to fend off attacks with small budgets and IT teams. And universities are environments where file sharing is an extreme sport, making ransomware a huge challenge for IT departments.

The hackers are after medical records, information they can use for identity theft, financial information, and research data. And many institutions are paying the ransoms, which won’t help the problem go away.

Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact
— James Scott- Institute for Critical Infrastructure Technology

Protection is much Cheaper than Reaction

There are some simple things that you can do to shore up the defenses without incurring significant cost.

  1. Establish email security protocols—Email is where the attackers are most likely to get into your system, so take the chance to kill off as many prospective attacks as possible by just not letting the infected files through.
  2. Avoid file sharing—Ditto.
  3. Keep software up to date—Unpatched software is another way in so shut it down.
  4. Improve network hygiene by upgrading aging infrastructure to reduce your vulnerabilities.
  5. Have a diversified backup strategy—Use physical and cloud backups
  6. Segment the Wi-Fi—If possible, segment your Wi-Fi to keep staff, students, and guests on different networks.
  7. Educate employees—Most hackers get in through email phishing attacks. They need to know what good security looks like and where the dangers are coming from.
  8. Show file extensions—It’s harder to hide an exe file as a jpg when the user can see the full extension, and you’ve trained them to know the difference

Helping Keep Your Information Safe Would Be Our Pleasure!

Name *
Name

We Value Your Feedback!

Was This Information Helpful?
Was This an Interesting Read?
CurrentTech_Horizontal.jpg

Worried About Defending Your Data From Hackers?

defending data.jpeg

Why the Best Defense Against Viruses Might be Off Site


If you’ve handed over responsibility for your IT to a managed service provider (MSP), the decision probably included the following considerations.

  • They’re experts.
  • It’s cheaper.
  • You don’t need to have as many (or any) IT employees in your office.

It can feel like a huge weight is off your shoulders, but for your MSP to make those things true, it needs tools. One of them is remote monitoring and management (RMM) software. Being able to access and service your systems from their office, not yours, is part of what makes managed service providers so cost effective and it saves everybody time.

What is RMM?

You might have heard of RMM as “network management” or “remote service software.” Whatever you call it, it’s software that lets MSPs remotely monitor client endpoints, networks, and computers.

RMM is particularly important when it comes to your security. With malicious code becoming a faster-moving problem every year, you want every device patched and secured without waiting for a technician to make the rounds.

Enter the Agent

RMM works through a piece of software—called an agent—that is installed by your MSP on workstations, servers, mobile devices, and other endpoints. These bits of software feed information back to the MSP about the machine’s health and status.

With this information, the MSP can see what’s going on in your network. It can target endpoints that need maintenance or updating. It can see where issues are about to happen and act on them without needing to go to your office. That’s less inconvenient for you, and it keeps down the MSP’s costs, which it can pass on to you.

The ability to keep your security up to date is especially beneficial to both parties. When an MSP contract includes support through a security breach, the costs to both the client and the MSP can mount quickly. Both parties have a vested interest in keeping anti-virus software up to date and patching holes before there’s a problem.

Raising Alarms

Your MSP doesn’t need to have someone sitting in front of a screen to keep an eye on your system 24/7. That’s what the agent is for.

When an agent finds a problem, like a virus or other malicious code it creates an alert or opens a ticket that is sent to the MSP so it can take the action that’s needed.

First and Fast

In short, RMM is essential if your MSP is to keep your network secure. It’s going to alert the MSP to issues before they arise, and if something does slip through the net, the MSP will get an early warning to fix it.

Why the Best Off Site Defense Solution is Current Technologies

Current Technologies has been providing businesses in the Chicago land area and beyond with superior IT services for 20 years. Offering companies a hybrid solution of regularly scheduled onsite maintenance visits with a specifically assigned consultant, along with 24/7 remote monitoring and support we can deliver an IT Service framework that is among the best in the industry. Current Technologies uses top of the line Auvik monitoring software to ensure your data is safe as can be. With this level of protection you will be able to rest easy at night knowing your information is secure.

Check out our infrastructure management overview PDF below to see all of the ways Current Technologies can help your business run safer and smoother.

Get Protected Before it's too Late

Name *
Name
We pride ourselves on having the capabilities of a large firm while still providing the personal attention of a small firm
— Phil Hanson, Project & Service Manager- Current Technologies Corporation

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

6 Steps To Secure Your School's IT Network

Compuer Lab.jpeg

Your School's IT Network is a Gold Mine for Hackers


The Open Security Foundation reports that 15% of all data breaches take place at educational institutions. When such attacks are successful, the consequences can be severe. Given the regularity of attacks on educational networks—and the harm they can cause when they’re successful—it’s vital that you make sure yours is as secure as possible. Here are five things you can do to make sure your school’s network is secure.

1. Use multiple defenses.

The key to a secure network is a comprehensive approach that takes into account all possible points of entry. It’s not enough to have one anti-virus program, or to encrypt only some sensitive information. Combining multiple security measures will provide the best possible defense for your valuable data.

2. Update. Update again. Then check for new updates.

According to a report by Symantec and Verizon, nearly one million online bugs are introduced per day. It's little wonder then that anti-virus programs require frequent updates to remain effective. Neglecting these updates increases your vulnerability to costly and time-consuming infections. Current Technologies recommends automating them whenever possible. You must also take care to download security patches for your browsers and operating systems as they become available.

3. Control network access.

Using network administration software, you can restrict user access to information. Apply "the principle of least privilege" and ensure users can only access the information they need. This will allow you to reduce access to sensitive information while ensuring that everybody can still do their job.  

4. Back up everything.

It’s inevitable that you’ll hear stories of students at your school losing nearly finished assignments because of a power outage or a flash flood. Don’t make the same mistake—back up everything you can, preferably in a secure, off-site location. That way, in the event of a security breach (or a natural disaster), you don’t have to worry about extensive data loss.

5. Encrypt sensitive information and use strong passwords.

Finally, it’s prudent to encrypt sensitive information whenever it’s not being used. In the unfortunate event that your school falls prey to a successful cyberattack, you’ll at least have the consolation of knowing that your files were useless to the perpetrators.

The maintenance of a secure school IT network requires you to ensure that it’s kept up-to-date and that the people managing it are following best-practice security protocols.

6. Password Management

In April this year, hackers were able to infiltrate the network of a New Jersey school, steal critical network files, and demand $125,000 for their release, all because of a single weak password.

So make sure that your school’s network administrators are using unique passwords or a suitable password manager app. You can also consider implementing multiple factor authentication (MFA), which requires both a password and a second authorization code—sometimes a secret question, sometimes a code sent to a registered mobile phone.

Don't Let Your Institution Be Another Case Study

Name *
Name

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

Survey Says, Poor Server Security is Still an SMB Issue

cyber-security-cybersecurity-device-60504.jpg

Server Security is Key for SMBs to Land Large Customers


Hacking one network to access another more lucrative network is a common hacker tactic. Increasingly, the first network to be hacked likely belongs to an SMB. When an SMB is networked with a larger customer, a vulnerability in the SMB’s network might translate to a vulnerability in the customer’s network. By hacking an SMB, a hacker learns how to get into the customer’s network, what that network can do, and about any access credentials and procedures. Hackers can lurk for as long as they like, looking all the time like an authorized supplier.

Online retailers with a database of credit cards could see those details stolen thanks to a virus or Trojan horse that infects a delivery company, manufacturer, cloud-CRM supplier, or any other company in their supply chain with access to their IT network. The hackers don’t have to act immediately. They can wait until Black Friday or Christmas.

That means SMBs’ IT security is coming under more scrutiny from their large enterprise customers. SMBs are also likely to see security operational conditions show up in their partner contracts. Failing an IT security test could mean not getting (or losing) a contract—and not just an IT-based contract.

The customer will want the right to show up for unannounced network, software, and facility spot checks. Naming and shaming is also likely. It’s in the larger customers’ interests to let partners know when one of their number has been caught with inadequate security and terminated.

Customers might also expect the SMB to agree to be held liable if a breach is traced back to it.

So far, enterprises looking closely at their supply chain and small business partnerships aren’t always liking what they find.

Kaspersky Lab’s Global IT Security Risks Survey found:

  • There has been an eight percent fall in the deployment of anti-malware solutions on mobile devices.
  • 44 percent of businesses don’t have a fully implemented security solution.
  • 52 percent of respondents think that their organization needs to improve its incident response plans for data breach and IT security events.
There are only two types of companies. Those who have been hacked and those who don’t know they have been hacked.
— John T. Chambers, Former CEO of Cisco Systems

Leadership Required- Legitimate Server Security Begins at the Top

Only 54 percent of respondents said they were sure senior (non-IT) personnel within the organization have a good understanding of the IT security risks their companies face. That is not an encouraging sign when 90 percent of businesses have experienced some form of external threat.

One thing cautious enterprises are likely to be asking themselves is if the leadership teams of their suppliers have made security a priority. Finding out those teams aren’t even aware of the scale of the problem will not reflect well.

The first job an SMB’s IT professionals face might be one of internal education.


Let Us Help You Break Away From Those Statistics

Name *
Name

We Value Your Feedback!

Was This Information Helpful?
Was this an Interesting Read?
CurrentTech_Horizontal.jpg