In February 2016, South Carolina’s Horry County School District was forced to pay a $10,000 ransom to unlock critical data and systems following a ransomware attack. This certainly came as a shock, but unfortunately these types of attacks on schools aren’t all that uncommon. But one has to wonder – could the attack have been prevented? Once it happened, could Horry County have avoided paying the ransom?
Ransomware is insidious and effective, and its use is growing fast. Increasing numbers of people in organizations of all sizes have experienced the profound dismay of showing up to work, only to find their files inaccessible and a ransom demand on the screen.
The good news is that with the right combination of protective measures, it is entirely possible to block most attacks—and to render powerless those few that may get into your network.
K-12 is a Prime Target—Here’s Why
Until now, K-12 IT professionals have been slow to adopt protections against ransomware, perhaps thinking that they are unlikely to be targeted. But as Horry County learned, any organization whose userbase includes young people and children is an especially tempting target for ransomware. Young users are simply less mindful of potential consequences, and more likely to open suspicious email and attachments, which is how most attacks begin.
Education budgets don’t normally include blank checks for cyber criminals. But an investment in effective anti-ransomware measures should be a priority for any K-12 organization that wants to avoid nasty, expensive surprises.
3 Measures Schools Can Take to Stay Ahead of Ransomware:
1. Training and Awareness
Most ransomware attacks begin with an email containing a malicious link or attachment. Consequently, the single most important measure you can take to reduce the likelihood of a successful attack is to train yourself, your students, families and your staff to practice safe computing and recognize red flags that indicate a potentially malicious email.
Ensure all users understand the following key practices, and maintain awareness with a program of regular reminders:
- Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm the email is authentic before opening.
- Learn to spot red flags. Some telltale signs of an attack include:
- Unexpected grammar or spelling errors in a supposedly professional email
- odd, middle-of-the-night time of sending
- Typosquatting, in which the “From” domain looks legitimate at first glance, but is actually slightly misspelled or has things added—“hacker@bankofarnerica.com,” for example
- Buttons and links in the email that connect to unexpected, suspicious URLs. To check this, hover the cursor over the link or button, and the URL will appear at the bottom left of your window. Train students and staff to do this reflexively.
- When in doubt, delete!
(Next page: 2 more ransomware solutions)
2. Secure Your Network
Effective user training can help stop a lot of attacks, but keeping your network free of malware also requires a combination of effective perimeter filtering, strategically designed network architecture, and the capability to detect and eliminate resident malware that may already be inside your network.
- Prevent threats from entering the network with a next-generation firewall or email gateway solution to filter out the majority of threats. An effective solution should scan incoming traffic using signature matching, advanced heuristics, behavioral analysis, sandboxing, and the ability to correlate findings with real-time global threat intelligence.
- Control and segment network access to minimize the spread of threats that do get in. Ensure that students can only spread malware within their own, limited domain, while also segmenting. For example – allow administration, teachers, and guests, each with limited, specific access to online resources.
- Clean house. Your infrastructure likely contains a number of latent threats. Email inboxes are full of malicious attachments and links just waiting to be clicked on. Similarly, all applications—whether locally hosted or cloud-based—must be regularly scanned and patched for vulnerabilities.
3. Backup—Your Last, Best Defense Against Ransomware
When a ransomware attack succeeds, your critical files—HR, payroll, grades, health records, confidential student files, email records, etc.—are encrypted, and the only way to obtain the decryption key is to pay a ransom.
But if you’ve been diligent about using an effective backup system, you can simply refuse to pay and restore your files from your most recent backup—your attackers will have to find someone else to rob.
Automated, cloud-based backup services can provide the greatest security. Reputable vendors offer a variety of very simple and secure backup service options, priced for organizations of any size.
For budget or other reasons, your organization may be committed for the time being to a legacy, on-premises backup solution. If so, you should certainly be planning to transition to a cloud-based system. In the meantime, be sure to configure your system to update backup files throughout the day, and be extremely diligent about moving your current backups to a secure, off-site location every evening.