By Sam Bocetta
A few decades ago, when computers were still novelty gadgets and the internet was not available to everyone, schools and other educational institutions had a minimal reliance on technology. Fast forward to today and the situation has dramatically changed.
When before a teacher might only have a single workstation in their classroom, now the entire education process is running on networks and online systems. This has made many processes more efficient, but at the same time, every piece of new technology comes with cybersecurity risks. And those risks have real implications. To date, more than 500 schools have been hit by ransomware virus attacks this year. These attacks can be devastating for schools. Fortunately, there’s plenty administrators can do about it.
A ransomware attack usually begins with a hacker or cybercriminal gaining unauthorized access to a school network or a specific computer. It may be difficult to detect this initial intrusion depending on your school’s security systems and perimeter. Once the hacker has control over a piece of hardware, they install and run the malware.
Ransomware viruses are designed to scan through a computer’s entire local hard drive and encrypt each file using a cryptography method. This essentially locks the computer’s owner out of the system so that they are unable to open any files or access data.
At this point, the ransomware virus usually displays a message on the screen to warn the user that their system has become infected. The hackers do this because they want to hold the files as ransom and demand a payout from the institution in exchange for releasing the lock on the data.
Why schools are targeted
When planning a ransomware attack, hackers seek out organizations or users that have valuable data on their computer systems. Schools, city and local governments, medical offices and large corporations tend to fit the bill. And it’s not just the biggest school systems. More recently, small school districts have come under attack, especially in the U.S.
School technology platforms contain large amounts of information about students, facilities and other operational activities. Hackers know that if they can put that data in danger, schools will do anything to rescue it.
The other factor to consider is the limited budgets that many school districts have to maintain. This means that whatever funding they have for technology purposes usually goes into procuring new hardware and software. As a result, administrators have little time or money to pour into known cybersecurity concerns. Without the proper budget in place to spend on cybersecurity measures, schools are left vulnerable, and are an easy target for attacks.
How to stay safe online
Even if a school district is restricted in terms of their budget for cybersecurity protection, there are certain best practices they can follow to avoid major fallout. The tricky part is getting all administrators, teachers and students to follow them.
Let’s start with the student factor. With kids bringing their own wireless devices into school and using workstations in classrooms, there is a real risk of infection.. What makes ransomware extra dangerous is that it seeks to spread across the network to infect multiple machines at once.
Students need to be extra careful when connecting to a school’s wi-fi network. The school itself may need to institute a filter system that prevents certain websites or applications from being used by students. That’s because a ransomware virus can be spawned just by clicking suspicious links.
For employees and administrators in a school system, training is the most valuable tool to use. All staff should participate in cybersecurity awareness sessions on an annual basis so that they know how to recognize ransomware threats and keep their own data and devices safe.
Within a school district’s IT department, responsibilities for cybersecurity should be clearly outlined and should never be an afterthought. IT teams need to be proactive in enabling security solutions that can block ransomware threats before they become a reality. Things like firewalls and update policies help keep a school’s network protected.
Planning for disaster
Even the most secure IT systems can still fall victim to ransomware attacks because cybercriminals are always developing new viruses that are difficult to track or block. As a result, school districts need to have contingency plans in case they are attacked and lose access to critical data.
This practice is known as disaster recovery. Whenever a virus is detected, part of your disaster recovery effort should be to shut down the affected system and completely disconnect it from your network. Before that ever happens, though, schools should institute a strong backup policy so that all-important systems and databases are copied to secure locations on a regular basis. One copy of data should always be stored off-site.
Most cybersecurity experts agree that organizations should avoid making ransomware payments whenever possible. This is because you’ll have no guarantee that a hacker intends to release the data after they receive their money. Instead, revert to a backup copy of the affected data as soon as possible.
Most hackers have two goals in mind when they design a cyberattack: to cause damage and to make money. Ransomware has become a major threat worldwide because it accomplishes both nefarious objectives by encrypting local data and extorting money from the affected organization.
School districts are often targeted because they do not have time or money to prioritize cybersecurity concerns and also manage large amounts of critical data. Thus, school administrators have to change the mindset within their organization, including educating students and staff to emphasize the risk that new technology creates. It may not always prevent an attack, but it can sure minimize the headache.
Sam Bocetta is a former security analyst for the U.S. Department of Defense, having spent 30-plus years bolstering Cyber defenses for the Navy. This article originally appeared on Nov. 1, 2019, on EdSurge.