How To Keep Your School Safe Throughout 2021: Cybersecurity and Ransomware

  • February 16, 2021
Petter Lagson Fk7RyOS7ZfI Unsplash

2021. We are all finally adjusting to the new year after enduring a historic 2020. After 11 months, we are beginning to see the light at the end of the tunnel with the distribution of vaccines and many administrators and students are hopeful to be back on campus collaborating with each other in real time within the next few months. 

While this is the ideal situation for many, several educational institutions are projected to leave remote learning as an option or continue implementing a hybrid model. 

To ensure that your students and staff, remote or in-person, are prepared to face the new cybersecurity threats this online era will likely provide, we have put together a list of tips below on how you can protect your school from cyberattacks both at home and on campus.

First Things First: What Are the Odds of Getting Hacked?

Every year, educational institutions face more and more cyberattacks that run the risk of costing schools millions of dollars. According to a 2016 report from digital forensics and cybersecurity firm LIFARS, spear phishing attacks can cost U.S. businesses an average of $1.8 million per incident.

Cyber risk management company BitSight also published a 2016 report stating that higher education had the highest rate of cyberattacks among industries surveyed, and the second highest amount in 2017.

Not only is higher education a major focus of hackers in this day and age, but K-12 schools are also being targeted. In November 2020, Baltimore County schools were the victim of a ransomware attack which resulted in the cancellation of classes for 150,000 students — and that is just one of many schools that were targeted since the beginning of the COVID-19 pandemic.

Planning for a new school year — and planning for the potential of hybrid — in our ever-changing world is only opening the door for more vulnerabilities in schools’ cybersecurity plans.

According to Consortium for School Networking Cybersecurity Project Director Amy McLaughlin, “The shift to remote learning opens the door for different points of attack that most school districts weren’t set up to support.”

And don’t be fooled, COVID-19 is not the only reason these schools are being targeted. According to PEW, ransomware attacks on school districts were already spiking before March 2020.

“Cybercriminals have been getting more savvy about how to target school districts,” said Doug Levin, a cybersecurity expert who runs EdTech Strategies. “And they understand that school opening is a high-stress, high-leverage point for them to attack. You are trying to enroll students, sign up for your PTA, and coordinate bus schedules.”

So before you plan to open fully in the fall, commit to hybrid learning or stick to remote learning, it is essential that school administrators fully examine the efficacy of their cybersecurity systems in place and emphasize training their students and staff on cybersecurity best practices.

 

How to Identify a Phishing Email or Malware Attachment

The framework for creating an effective cybersecurity awareness within your school begins with orienting your students and staff with the types of cyber attacks they are likely to come across at one point or another.

According to Cisco, a worldwide leader in IT, networking and cybersecurity solutions, the most common types of cyber attacks are the following:

  1. Malware: Includes malicious software, spyware, ransomware, viruses and worms which make a network vulnerable usually after a user clicks on a dangerous link or email attachment.

    • Malware can install harmful software, covertly obtain information and block access to important parts of a company’s network.

  2. Phishing: A practice of sending fraudulent communications, appearing to come from a reputable source and usually over email, to steal sensitive information such as debit and credit card information or to install malware on a user’s computer. This is one of the most common types of cyber-attacks.

    • For a school this could look like an email asking a student to change their portal password by clicking on a link. Or, someone posing as a professor asking for personal information.

  1. Man-in-the-middle attack: These incidents occur when an attacker inserts themselves into a two party transaction. Common entry points include when a user is logged on to an unsecure public Wi-Fi service or when an attacker uses malware that has already breached a device to then install software to process all of the victim’s information.

 

It’s safe to say that cyber-attacks are only on the up rise and the likelihood that your school will be attacked with phishing emails, password hacks or infected malware links increases every year. Start this year off right by following the guidelines provided below and make sure to double check your security knowledge to avoid the above targeted cyber-attacks.

 

 Top 10 Secure Computing Tips from the Berkeley Information Security Office

The mission of the Berkeley Information Security Office is to, “guide Berkeley in the management of information security risk and help safeguard data and systems to enable the mission of teaching, research and public service.” Here is a run-down of their “Top Ten List of Secure Computing Tips“:

  1. You are a target to hackers

    • Don’t ever say, “It won’t happen to me.” Everyone is at risk and the stakes are high. Cybersecurity is everyone’s responsibility.

  2. Keep software up to date

    • It is critical to install software updates for your operating system and programs. Other tips include:

      • Turn on automatic updates for your operating system.

      • Use web browsers such as Chrome or Firefox that receive automatic, frequent security updates.

      • Keep browser plug-ins like Flash and Java up-to-date.

  3. Avoid phishing scams — beware of suspicious emails and phone calls

    • Phishing scams can be conducted by texts, phone calls, social networks or — most commonly — through email.

    • Be suspicious of any official-looking emails or phone calls that ask for your personal information.

    • When in doubt, reach out to the person who may have emailed you and confirm they sent you an email or left you a voicemail.

  4. Practice good password management

    • A password manager like LastPass can help you maintain strong, unique passwords for all of your accounts. DO NOT reuse passwords.
  1. Be careful what you click

    • Avoid visiting unknown websites or downloading software from untrusted sources.

    • These sites often host malware that will automatically install (often silently) and compromise your computer. If attachments or links in the email are unexpected or suspicious for any reason, don’t click on it.

  2. Never leave devices unattended

    • If using a laptop, phone or tablet, lock it up securely so no one else can use it.

    • On a desktop, lock your screen or shut down the system when not in use.

    • Keep data stored on a flash drive encrypted and locked up. Visit norton.com to learn how to encrypt a flash drive.

  3. Safeguard protected data

    • Keep high-level protected data like social security numbers, credit card information, health information, etc. off of work-related computers.

  4. Use mobile devices safely

    • Lock your phone with a pin or password.

    • Never leave it unattended in public.

    • Keep your technology’s software updated.

  5. Install anti-virus/anti-malware protection

    • Only install these programs from known and trusted sources.

    • Popular anti-virus software include Norton, Kaspersky, Bitdefender and McAfee.

  6. Back up your data

    • Back up your data regularly. If you are the victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system.

 

In conclusion, every student and staff member, in person or remote, is responsible for a school’s cybersecurity and there is no time to waste. Keep your school safe throughout 2021 and implement the tips listed above to prepare for a possible future cyber-attack.