Some simple—but critical—steps will go a long way in fighting ransomware attacks and protecting student data

What teachers and parents should know about ransomware


Some simple—but critical—steps will go a long way in fighting ransomware attacks and protecting student data

Experts explained that the abrupt move to online learning in March of 2020 suddenly put massive amounts of student data online, creating a larger target for criminals and leaving underfunded school IT administrators with a lot to defend. But now, even with students returning to classrooms, security researchers say the problem won’t go away.  The attacks have become higher volume and more brazen over the past year. If history repeats itself, ransomware attacks on school systems will continue to intensify.

The reason for the attacks is simple: money. Ransoms often number in the tens of millions of dollars, and administrators have often simply paid them, out of desperation to protect students and avoid closures. Unfortunately, that’s what keeps the ransomware gangs in business and encourages further attacks. While other organizations are more likely to have budget for data backups and strong defenses, schools often don’t have that luxury.

The public pressure schools often find themselves under is another challenge. The same survey mentioned earlier also found that 72 percent of parents favor having the school pay the ransom in the event of an attack, rather than risk the leak of private student data or the cancelation of classes. As a parent, I fully understand the desire to want to protect the students and doing whatever it takes to prevent their personal information from leaking online. Wanting the school to pay a ransom feels like an immediate fix in such a critical situation.

This is essentially putting a Band-Aid on a bullet wound. Instead of ever paying a ransom, experts say victims should contact the authorities, who may be able to help. There are also ransomware removal tools and decryptors available to help schools remediate the situation. Paying not only encourages the criminals to keep doing it, but also doesn’t guarantee that you’ll recover all of your data. According to another recent study, around 17 percent of ransomware victims who paid still did not get their data back.   

There are other promising signs, however. Eighty percent of participants said their school has shared best practices for students and parents. And 75 percent said they talk with their kids regularly about practicing good security hygiene.

As teachers and guardians of children aged K-12, there are things we can do this fall to help. Talk to your students about how to stay safe online. That should include things like using different passwords for every account, always making prompt software updates and never opening links or attachments from suspicious sites or senders.

Schools should share what they’re doing to protect students and how they plan to keep everyone informed. School IT administrators should also be prompt with security updates, as well as create system backups that are not connected to the internet but are easily accessible in the event of an emergency. They should also implement trainings for staff and students to make sure everyone is informed and doing their part. Using multifactor-authentication, requiring everyone who accesses a school network to prove who they are with more than just a password, is also a must.

As simple as those things sound, they may be the key to fighting back against ransomware. Human beings are generally the weakest link when it comes to cyber defense. But if caregivers, students, and teachers do their part when it comes to practicing security basics, that can go a long way toward reducing schools’ vulnerability to this serious problem. 

Want to share a great resource? Let us know at submissions@eschoolmedia.com.