In February 2016, South Carolina’s Horry County School District was forced to pay a $10,000 ransom to unlock critical data and systems following a ransomware attack. This certainly came as a shock, but unfortunately these types of attacks on schools aren’t all that uncommon. But one has to wonder – could the attack have been prevented? Once it happened, could Horry County have avoided paying the ransom?
Ransomware is insidious and effective, and its use is growing fast. Increasing numbers of people in organizations of all sizes have experienced the profound dismay of showing up to work, only to find their files inaccessible and a ransom demand on the screen.
The good news is that with the right combination of protective measures, it is entirely possible to block most attacks—and to render powerless those few that may get into your network.
K-12 is a Prime Target—Here’s Why
Until now, K-12 IT professionals have been slow to adopt protections against ransomware, perhaps thinking that they are unlikely to be targeted. But as Horry County learned, any organization whose userbase includes young people and children is an especially tempting target for ransomware. Young users are simply less mindful of potential consequences, and more likely to open suspicious email and attachments, which is how most attacks begin.
Education budgets don’t normally include blank checks for cyber criminals. But an investment in effective anti-ransomware measures should be a priority for any K-12 organization that wants to avoid nasty, expensive surprises.
3 Measures Schools Can Take to Stay Ahead of Ransomware:
1. Training and Awareness
Most ransomware attacks begin with an email containing a malicious link or attachment. Consequently, the single most important measure you can take to reduce the likelihood of a successful attack is to train yourself, your students, families and your staff to practice safe computing and recognize red flags that indicate a potentially malicious email.
Ensure all users understand the following key practices, and maintain awareness with a program of regular reminders:
- Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm the email is authentic before opening.
- Learn to spot red flags. Some telltale signs of an attack include:
- Unexpected grammar or spelling errors in a supposedly professional email
- odd, middle-of-the-night time of sending
- Typosquatting, in which the “From” domain looks legitimate at first glance, but is actually slightly misspelled or has things added—“firstname.lastname@example.org,” for example
- Buttons and links in the email that connect to unexpected, suspicious URLs. To check this, hover the cursor over the link or button, and the URL will appear at the bottom left of your window. Train students and staff to do this reflexively.
- When in doubt, delete!