These tips will help you protect your schools from ransomware attacks
If we learned anything at the K-12 Cybersecurity & Safety Leadership Series panel discussion we hosted about the state of K-12 cybersecurity, it’s that ransomware is keeping district IT leaders up at night. Ransomware impacts K-12 cyber safety and security in a variety of ways, making school ransomware protection a necessity and a challenge for IT teams.
Student cyber safety and security are closely related, and traditional tools such as web content filters and firewalls aren’t effective on their own. For example, there’s a new class of school cyber incidents that relate to class invasions and related disruptions. These “Zoombombing” incidents threaten student cyber safety and wellness because students are exposed to hate speech, shocking and explicit images, threats of violence, and more.
In addition, there’s a new form of ransomware in the cloud that allows hackers to gain access to cloud data in widely used apps such as Google Workspace and Microsoft 365 among others. The problem is aggravated by the fact that many districts are vulnerable. Many lack the financial and expertise resources to properly protect school data from ransomware and other types of K-12 cybersecurity risks. On top of that, cybersecurity myths abound, making IT teams less likely to implement practical protections that don’t require much investment or expertise.
Districts could implement more advanced cybersecurity protections by following guidelines such as the K-12 NIST Cybersecurity Framework. And, following school ransomware protection advice is a good start.
20 School Ransomware Protection Tips
We’ve gathered all the wisdom from the panel discussion into this list of school ransomware protection tips.
- Develop a Written Response Plan. Work with your legal and communications team along with your board to develop a response plan. It will save the precious minutes you will need to respond when an attack occurs.
- Keep Your Board Involved. Unlike threats such as a water leak, cyber threats are unseen. Make sure your board understands the risk, what you need to do to avoid them, and what will happen if you are attacked.
- Train Users in Cybersecurity Practices. All system users should have regular training to help them spot suspicious activity, avoid problems such as phishing emails, and more to allow them to participate in keeping the district safe.
- Practice Your Cybersecurity Response. Treat cybersecurity drills in the same way you do fire drills.
- Keep Hardcopies of Response and Recovery Plans. If your systems are down, you’ll need access to the plans you’ve made and a response and recovery contact list.
- Maintain Offline Backups. A ransomware attack will typically include your backups. Maintaining offline backups will let you recover much more quickly.
- Maintain 24/7 Cybersecurity Monitoring and Detection. This is critical even if you need to outsource these services, especially since many hackers plan attacks at night, on weekends, and holidays. Monitoring will help detect ransomware early warning signs, so your team can lock things down quickly and limit the harm.
- Establish a Written Data Use Policy. Develop a data use policy and conduct regular training for teachers and staff.
- Purge Old Files. Your district will be less attractive to hackers, and you’ll lose less data if you are attacked.
- Set Up Access Alerts. For those files that you must retain, set up alerts when a user tries to access, download, and/or share them externally.
- Manage 3rd Party Vendors. School vendor security is an important link in your cybersecurity chain that is often overlooked. Avoid 3rd party app ransomware threats by keeping track of the vendors that have access to your systems and/or sensitive data and enforce a vetting procedure before anyone uses their apps.
- Keep Track of Those Requesting Data. Some innocent requests for PII can be a problem, meaning that you need to know about all data requests and evaluate them.
- Get a Second Set of Eyes. Exchange reviews with neighboring tech directors to get another set of eyes on your configurations, tools, response plans, etc.
- Leverage a Student Tech Club. Consider setting up a student tech club, with students who can do things such as test updates and notify you of vulnerabilities they see in the classroom, to free up your IT team for more critical work.
- Restrict Access to Admin Rights. Students and teachers shouldn’t be assigned admin rights by default. If they or district administrators request that access, it should be a considered decision.
- Disconnect RDP Services to the Internet. Remote Desktop Protocol (RDP) services shouldn’t be accessible via the internet.
- Block Downloading Macros from the Internet. Macros are bits of computer code that can perform a series of actions automatically. However, macros being downloaded from the internet can contain malicious code.
- Require Two or Three Levels of Authentication for VPN Access. Anyone accessing your VPN should confirm their right to access it using more than a simple username and password.
- Establish Multiple Layers of Phishing Protection. Many ransomware attacks start with phishing emails, making it critical to protect against them. Also implement tools to detect lateral phishing.
- Implement “Automate and Respond” Systems. To the greatest extent possible, use systems that can reduce human intervention and error, and give you the chance to respond to threats immediately, thus reducing and/or eliminating an attack’s effectiveness.
There is no doubt there are many things K-12 IT leaders can do with these school ransomware protection tips. Many of the cybersecurity incidents reported last year could have been avoided if cybersecurity essentials were in place. But, it’s important to remember that while you may not be able to stop every attack, you can’t let “perfect” get in the way of incremental improvement.
Everything that you do will help make your district become a little less attractive to cybercriminals. For more information about these K-12 ransomware tips, you can watch the panel discussion recording.