As the country grapples with how to ensure the safety of our students, teachers, and support staff amid the COVID-19 pandemic, many still have not gone back to full-time, in-person learning. The majority of the school districts across the country have adopted a hybrid model, while many schools are operating entirely online. Extensive use of online environments raises an interesting and slightly different safety question.
Are school districts prepared to ward off ransomware attacks? Reported cyberattacks paralyzing operations from managing digital classrooms to configuring and monitoring school bus routes suggests many schools are not adequately protected.
Recent data support the widespread struggle. According to a recent EdTech Magazine article, “Since 2019, more than 1,000 educational institutions have fallen victim to ransomware. With most schools implementing some form of online instruction this school year, these attacks have only increased in volume and speed, and their impact is much more significant.”
Further complicating the issue is that a significant number of school districts are not well-funded and don’t have the resources to afford the robust, multi-disciplinary teams needed to fend off today’s sophisticated cyberattacks.
Before the pandemic, many schools functioned in an analog world and were thrust – ready or not – into an entirely digital existence. Cybercriminals recognized the opportunity and have been acting accordingly. However, if a school district can’t afford the cybersecurity team needed to fend off attacks, are they ready to fork over $50,000 to the attackers the way Athens ISD, southeast of Dallas, TX, did? Considering cybercriminals’ skill and relentlessness, is $50,000 merely an opening wager?
So what can school districts do to help prevent such a catastrophic occurrence? Here are some helpful tips compiled primarily from EdTech Magazine but corroborated from across the web:
- Cybersecurity fundamentals. To help prevent ransomware attacks, have devices configured correctly, make all needed software and hardware updates, and install needed patches. Also, educate students and staff on proper use and best practices, such as protocols for recognizing suspicious or malicious emails. Also, it’s vital to encrypt sensitive data so that if attackers to secure sensitive data, it is useless to them.
- Effective data backup protocols. It’s a solution as old as computers themselves. Strategically configure backups of key data, applications, and application platforms. Additionally, configure backups in a manner that, if attacked, the backups are not also corrupted.
- Automate where possible. Considering the number of parents, students, and teachers with varying levels of tech savvy now relying on strained technology resources, maximizing the value of your IT team’s time is key. Automate defenses where possible, and ensure a base level of protection.
- Properly manage and erase data. Consider software that can scan for personally identifiable information to ensure the location of this data is known, and it is being handled properly. And since many districts are distributing devices, have the ability to remotely wipe devices if they’re lost or stolen.
- VPNs and firewalls are not enough. Remote learning means teachers and staff are accessing the network from outside of the school’s traditional perimeter. VPN utilization a big help; however, strongly consider multifactor authentication and more secure password constructs.
Cybercriminals have gotten more sophisticated, attacks have become more relentless, and the technical knowledge required to keep your organization safe has grown exponentially. But don’t get overwhelmed. At SilverSky, we spend all day, every day providing solutions to defend our clients’ organizations. We employ the diverse technologies and technical expertise required to stand up to today’s cybercriminals—we’re here to help. Contact us.