Making the top of a list is usually a good thing in education. But that isn’t the case when it comes to being a ransomware target. The State of Ransomware 2021 report from Sophos notes that education suffers the most ransomware attacks, with 44 percent of respondents in the sector saying they were hit by ransomware in the last year. The same report also highlights that education and local government are most likely to admit to security weaknesses.
Why are hackers targeting schools? The first and most obvious reason is money. The Sophos report says the education sector came in third when it comes to paying ransoms, with 35 percent of schools doing so and successfully getting their data back. Then there's the bonus for the bad guys: potentially stealing students' and teachers' personal information. A student’s personal information is precious for identity thieves and scammers. Someone using a young person’s identity to commit fraud is unlikely to be noticed if that person doesn’t have bank accounts or credit cards that might generate alerts.
None of this means you have to give in to bad actors. There are concrete steps you can take immediately to start protecting your school’s data. To get you started, here is a short list of cybersecurity actions that every school district should implement.
1. Filter Out Malware and Block Malicious Documents
Malware is a catch-all term for any malicious software designed to harm or exploit your systems, network, and devices. Proper malware protection will prevent malware from executing on a device, changing settings, or loading malicious, compromised software. An effective filter can even help protect your users from themselves by preventing visits to websites that are known to distribute malicious code. Attached and downloaded documents are the perfect vehicle for sneaking malware past your defenses, where hackers can use macros, PowerShell, and other scripts to infect your systems. While most web browsers have built-in protections against malicious file downloads, software that blocks these scripts will add another layer of protection against ransomware.
2. Educate Everyone About Cybersecurity
Teachers, staff, students, and parents need to learn to identify common cyber threats and best practices for doing their part in improving cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Stop Ransomware website, offering reference materials for K-12 school and district IT staff, including webinars, teaching tools, and other resources. Cyber.org, the academic initiative of the Cyber Innovation Center, recently released K-12 Cybersecurity Learning Standards that give you a great starting point. And, for younger students, the Center for Internet Security offers a free 2021 Kids Safe Online Activity Book that makes learning about cybersecurity fun. Several commercial platforms also offer cybersecurity and ransomware courses and curricula. Whether you hire someone or do it yourself, make sure your courses cover social engineering schemes like phishing and explain core cybersecurity threats like malware, malicious bots, SQL injections, and physical threats to data. You should also foster awareness of individual and device vulnerabilities while providing students, teachers, and staff with tools to protect data like strong passwords, biometrics, two-factor authentication, and firewalls. And, with today’s shortage of cybersecurity professionals, it’s worth considering adding cybersecurity classes at the high school level. The National Cryptologic Foundation offers curriculum guidelines here. You can also download Arizona State University’s cybersecurity middle school curriculum for free.
3. Safeguard Student, Teacher, and Staff Devices
School and district IT staff already face many challenges in keeping up with evolving technologies on limited budgets. That's why you must take the time to implement best practices and add technologies, wherever possible, that prevent ransomware and other attacks. These include:
- Limit internet-exposed services like remote desktop protocol (RDP)
- Restrict administrative access to only those who need it, and keep devices protected and in compliance with security policies
- Apply endpoint protection to ensure devices used for school stay safe whether used on- or off-premises
- Implement multi-factor authentication (MFA) to safeguard against compromised passwords
- Improve password management to prevent password compromises, sharing, and re-use—the most common cause of data breaches
- Install security updates and patches when they are released to protect against known vulnerabilities in IT systems, computers, and equipment
- Manage sensitive data to ensure it is protected and deleted when no longer needed
4. Back Up Data and Critical Systems
With so many schools hit by ransomware—and no way to be 100 percent certain you can prevent it—backing up your data is crucial. Every school and district should follow the new 3-2-1-1 backup rule:
- Keep 3 copies of your data
- Store 2 copies locally on two formats (NAS, tape, or local drive)
- Keep 1 copy stored offsite (in the cloud or secure storage)
- Store 1 immutable copy of your data
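
The 3-2-1-1 rule can be checked mechanically against a backup inventory. The Python sketch below is an added example, not part of the original article: the `Copy` fields, rule names, and both sample inventories are constructed for illustration, and it assumes every entry in the inventory, including the primary data, counts as one copy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    media: str       # storage format, e.g. "nas", "tape", "local-drive", "cloud"
    offsite: bool    # kept away from the school's premises
    immutable: bool  # cannot be changed or deleted during its retention period


def check_3211(copies):
    """Evaluate each part of the 3-2-1-1 rule; returns rule name -> passed."""
    local = [c for c in copies if not c.offsite]
    local_formats = {c.media.strip().lower() for c in local}
    return {
        "3_copies": len(copies) >= 3,
        # Two local copies only count if they sit on two different formats.
        "2_local_on_two_formats": len(local) >= 2 and len(local_formats) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        "1_immutable": any(c.immutable for c in copies),
    }


def gaps(copies):
    """List the rule parts an inventory fails, in rule order."""
    return [rule for rule, ok in check_3211(copies).items() if not ok]


# Constructed inventory: three copies, but all on the same disk format,
# all on-premises, and all writable. Ransomware on the network reaches all.
WEAK = [
    Copy("sis-primary", "local-drive", offsite=False, immutable=False),
    Copy("sis-nightly", "Local-Drive", offsite=False, immutable=False),
    Copy("sis-weekly", "local-drive", offsite=False, immutable=False),
]

# Constructed inventory that satisfies every part of the rule.
GOOD = [
    Copy("sis-primary", "local-drive", offsite=False, immutable=False),
    Copy("sis-nightly", "nas", offsite=False, immutable=False),
    Copy("sis-archive", "cloud", offsite=True, immutable=True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, "gaps:", gaps(inventory) or "none")
```
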