Senior Consultant, The BlumShapiro Cybersecurity Team
Generally, we tend to think of our elementary schools as a “safe place” from cyber attack, ransomware, phishing and other online scams. But it’s time for us to think again. K-12 schools are now considered a “prime target” in the world of cyber attacks. The reason why may be more simple than you think. Children and young students are being targeted simply because they are less mindful and less knowledgeable about online threats. These users are more likely to inadvertently click malicious links and open suspicious email and attachments – just enough to affect the entire school (computer labs, iPads, tablets, etc.). If you’re an Administrator for a public school district or a member of a local Board of Education, you’re aware that IT budgets tend to not include thousands of dollars budgeted for ransomware attacks. So how can you protect your schools? Remember the following ABCs…
Awareness – It’s important for schools to raise the awareness of online threats and attacks for all users (teachers, staff, and students). For younger children, keep it simple by teaching them to “say no to pop-ups” and practice “click carefulness” where they don’t open links or emails that they are unsure about. Make sure the teachers and staff are mindful of targeted phishing email attacks and always verify the sender if the sender is asking for personal, financial, or student information.
Backups – Having a secure, reliable backup procedure in place should be a top priority of your IT Department. Daily backups (ideally offsite) are the best way to go so that even if your network is compromised, data can be recovered and files can be restored. Regular testing of backups are highly recommended; on at least a quarterly basis, a backup restore test should be performed, with results recorded, so that School Administrators can rest assured that backup restores will be successful if (or when) needed.
Remember, having a secure backup procedure in place won’t do you any favors if you have users saving locally to their desktop. Make sure that students, staff, and teachers are saving to your secure network. That way, should their workstation become compromised or infected, they can disconnect from the network and still get their files back.
Cloud – More and more school districts are considering upgrading their older IT infrastructures and architectures to cloud-based solutions. Many cloud applications offer multi-factor authentication which increases security. In addition, cloud programs can transfer the burden (and risk) of storing and securing student information (grades, medical information, etc.) from the district to the cloud provider. For this reason, it is of extra importance that you have your IT professionals fully vet cloud vendors and obtain independent SOC reports validating vendor controls.
Security firm, SonicWall, has reported that ransomware attacks have surged from 4 million incidents in 2015 to nearly 638 million in 2016 nationally. More and more K-12 schools are becoming the target (and victim) of such attacks. Older, less sophisticated networks and younger, more inexperienced users make these schools prime targets for cybercrime. Remembering the above ABCs will help better inform and prepare your School for the online dangers and threats facing our schools in 2017 and the years ahead.
How BlumShapiro Can Help
BlumShapiro Consulting can offer a fresh perspective of the challenges and risks that your organization faces by evaluating people, processes and technology through a number of consulting methodologies. Our staff is uniquely equipped to assist with the initial steps of identifying and assessing potential weaknesses through risk and vulnerability assessments. The assessments conclude with a customized and actionable report suitable for both technical and non-technical audiences that identifies immediate opportunities for improvement. Let us help you achieve visibility into your current security posture and help you gain the comfort of knowing that you’re prepared to meet any challenge. Learn more >>