Preparations for the fall must include strategies to defend against the rising tide of ransomware and other security threats, with awareness and education as well as a comprehensive security strategy for learning that may take place from anywhere.
Provide training and education
Although ransomware attacks often start with an approach as common as phishing, bad cyber actors have adapted, using sophisticated social engineering tactics and phishing in places that even the savviest of users aren’t expecting.
Users need to understand that desktop computers aren’t the only place phishing occurs. Mobile devices and Chromebooks also provide access to the same systems and information hackers seek and can be easier targets for phishing. Threats on mobile devices are more challenging to identify due to their smaller size and the confined interface, requiring users to be especially careful of the links they visit. Applications are another consideration, as users often accept permissions for data access that may put both school and personal data at risk.
Good security training should acknowledge that it’s not just email that can be a tool for cybercriminals — it’s also social media, text messages, and apps. Informing users of potential risks and precautions when using connected devices can add one extra layer of protection to their district.
Enforce security across a broad attack surface
Albeit crucial, training is still not a substitute for sound security policies; districts need to look at existing policies and protections to ensure systems are secure even when users make mistakes or bad actors enter from another route. In today’s more connected and dispersed learning environment, protections must consider the broader attack surface and extend to mobile devices and the cloud.
Just as user education needs to extend to mobile devices, adequate modern endpoint security must as well. Mobile protection should identify and prevent device risks from phishing, malware, and network-based threats, alerting users when they’ve encountered a risk.
Threat hunting capabilities should also extend to identify and stop known and unknown threats on mobile devices, tablets, and Chromebooks.
When it comes to the cloud, your organization needs to understand what’s happening. The most common way for an attacker to deploy ransomware is by stealing credentials and moving laterally within your infrastructure. Technologies like cloud access security broker (CASB) monitor your users and data to identify abnormal behavior so you can identify a compromised credential or insider threat.
Navigating the intersection of remote learning and hybrid in-classroom approaches is a new challenge for today’s students and teachers. The reality is that bad actors will take advantage of any situation to profit through ransomware. The key to preventing and mitigating risk is communicating security risks and implementing proper security to keep school districts safe.
- Is K-12 ready for skills-based hiring? - May 23, 2022
- How to build relationships with instructional coaches - May 20, 2022
- 3 keys to supporting students during a mental health crisis - May 20, 2022