Prepping For The Holidays Means Preparing For Ransomware Attacks
By Rick Vanover, senior director of product strategy, Veeam
As the holidays approach, many schools are looking toward the upcoming fall and winter breaks. The same can be said for bad actors who capitalize on when staff and students are preoccupied with exams and preparing to return or leave the classroom to launch cyber attacks.
Often these attacks take the form of ransomware where bad actors seize files containing sensitive data, encrypt them and demand a ransom payment for returning the information. A single attack can lead to hundreds of student and staff medical records, financial histories and social security numbers in the hands of hackers.
Ransomware attacks on K-12 schools increased by 56% in the past two years. As the holidays approach, bad actors will be waiting for school IT departments to become preoccupied with last-minute staff and student demands. It is imperative that schools do their best to provide a learning environment that’s safe from all threats, including ransomware.
Schools should increase their cyber preparedness by developing a disaster recovery plan, educating their staff and students about cyber risks and practicing strong cyber hygiene across their networks as much as possible.
Developing a disaster recovery plan
A strong disaster recovery (DR) plan first requires an IT baseline. Schools should examine their entire IT infrastructure and develop a comprehensive list of all their hardware, software, device and applications in addition to details like passwords and file location.
With this in place, schools can then create a plan with all their IT components in mind. This plan should include clear, tactical steps to follow, and leaders should ensure that every employee knows their role and responsibilities before, after and during an attack.
One essential element of this plan is an organization’s backup approach. Schools should look to implement the 3-2-1-1-0 rule when it comes to their backup strategy as much as possible. In this rule, each number signifies a policy. First, a minimum of three copies of data should always be maintained — though schools are highly recommended to maintain four or five copies if possible. Next, at least two of the copies should be stored on two different types of media with one copy stored off-site and one offline to provide additional resources in case other backups are compromised. The final number, zero, signifies that there should be zero errors across the backups. If schools use this rule as a baseline for their backups, they should be able to recover their data and be confident in its reliability.
Schools’ IT teams are a crucial line of defense against ransomware attacks. Though budgeting and funding can be a challenge for school districts, investing in IT teams and retaining a dedicated cybersecurity professional can ensure that the DR plan is enacted correctly when a ransomware attack occurs and that procedures are assessed on an ongoing basis.
To extend their reach, IT teams need to make employee education a priority. This means arming staff with resources and training on basic cybersecurity measures and preparing them for an attack with practice drills. Like a fire drill, ransomware attack drills can help staff practice their DR plan’s steps in anticipation of an actual event.
Staff should also receive regular training and education on the most up-to-date cybersecurity practices. This training will allow them to become familiar with the threat landscape, so they’re knowledgeable on the latest trends as hacks progress in sophistication. Current phishing attacks against schools impersonate well-known companies or colleagues’ names in email addresses and use relevant subject lines to catch users’ attention like “Re:Budget” or “COVID-19 Updates” — making sure staff is aware of these tactics can decrease the number of successful attacks significantly.
Taking these preemptive steps to ensure that IT departments and staff are confident in DR plans and knowledgeable in cybersecurity trends can save K-12 schools money and time in the long run.
Practicing strong cyber hygiene
Practicing good cyber hygiene can help mitigate risk across an organization and can be as easy as keeping up to date with current patches and reminding users to slow down and think critically about the messages they receive. Though simple, those practices are critical in stopping hackers from gaining access to sensitive data.
Schools should also implement a strong password policy and provide end users with a password manager and education on how to use it. To measure the success of these efforts, schools should conduct organization-wide tests to gauge user awareness and reinforce the importance of identifying potentially malicious emails.
With holiday breaks approaching, schools need to be more resilient and prepare for the worst. Schools should assume that breaches may happen and try to prepare and mitigate their risk as much as possible. If schools stay ready by developing a DR plan, educating their staff and IT team and practicing good cyber hygiene, they will be prepared when ransomware attacks occur.