Schools’ data have been hit harder than in previous years with cyberattacks and sophisticated ransomware. In the U.S., there have been at least 27 confirmed data breaches this year; in January alone, 14 schools in the U.K. had document leaks.
This followed an attack last year by the ransomware cybercriminal gang Vice Society which is responsible for attacks on schools in the United States and the United Kingdom. Children’s SEND information, child and parent passport scans, staff pay scales, and contract details are just some documents accessed and sold on the dark web. Some of the stolen information dates back to 2011.
Schools Are a Prime Target for Cyber Criminals
Schools are targeted, specifically, for their rich data. According to the U.K. government’s 2022 cyber breaches survey, 41% of primary and 71% of secondary schools reported an attack in the past 12 months. The U.S. saw a 27% increase in attacks from Q4 2022. The education sector is considered a soft target because they notoriously lack protection, budget and resources.
Schools Must Prepare to Prevent Cyber Attacks
Schools must have an incident response plan ready that helps quickly contain threats and minimize the damage. The best way to address an attack as it’s happening is to gather as much intel as possible. Creating an effective incident response plan with strategies for potential threat response will help mitigate loss. Understand the data you hold and ensure expiry dates are set for automatic archival or destruction.
- Ensure policies are in place
- Conduct vulnerability assessments
- Keep end-point protection current
- Keep a dedicated manager
Data encryption protocol can serve as part of your second-line defense against attacks. Make sure you segregate and limit the number of people managing and accessing data.
Ensure your security policies align with data protection regulations. Staff and teachers should receive regular cyber awareness training and system audits.
4 Steps Schools Need to Take During a Cyber Attack
Here is what you can do if an attack is in progress.
1. Identify the Source of the Attack
Identify the source of intrusion immediately. The quicker, the better, which is why it’s important to have someone constantly monitoring the network. There are some automated response solutions available that can assist in fast threat identification.
When identifying a security incident, communication is key. Make sure all stakeholders are informed or consulted as soon as possible.
2. Contain The Cyber Attack
Mitigate the damage as soon as your data is breached. This could mean removing or taking systems offline. You’ll want to secure vulnerabilities and remove or isolate hackers from the systems.
If it is a ransomware attack, do everything possible not to pay the ransom demands. This only perpetuates the problem. Additionally, there is never a guarantee the data returned will not be compromised.
3. Eradicate the Ransomware Threats in Your System
As soon as the threat is contained, the next step is to eradicate it. Identify how the network has been compromised to reinforce the weaknesses that allowed the data breach in the first place. This will help reduce future risks. Actions during this phase will depend on what type of attack occurred. For example, if it was through an employee’s login credentials, lock and secure their account.
4. Recover to Avoid Repeat Cyber Attacks
Once the threat has been contained or removed, you can focus on getting your systems back online. This can be challenging and complex as hackers like to leave a mess. It is essential to do this quickly to avoid repeat attacks.
You’ll then want to test and monitor the affected systems, ensuring the new measures you’ve implemented are working properly.
The Best Defense Against Ransomware in Schools is a Good Offense
Despite a school’s best effort to stay cyber secure and no matter how strong your cyber security posture is, the reality is sometimes attacks and breaches slip through the cracks. This means it’s critical to be prepared.
Should an incident happen, take time to assess the situation and learn lessons so your school’s cyber defense strengthens against present and future threats.
Understanding How Students Use Your Network Can Prevent Ransomware
Aside from blocking suspicious apps and URLs, having real-time visibility into students’ web use and all web traffic will also help prevent ransomware. Live web traffic visibility is not as common in a web filtering solution as you might think. But having this ability in your edtech will provide granularity. All of which can help I.T. staff instantly identify suspicious network activity. More importantly, they can respond quickly to head off attacks in progress.
Combining multi-layer threat protection with active network monitoring provides multiple elements of cyber defense. Impero’s ContentKeeper full-featured web filtering and security solution offers both within a single platform. It supports all devices and web browsers, playing a critical role in helping schools protect their networks from ransomware and other cyber threats.
If you want to learn more about how Impero ContentKeeper and our complimentary products can be the core of your Defense-in-Depth strategy, book a demo today.