As if e-learning doesn’t already come with a heaping mound of obstacles for parents, teachers, and children – we must also be extremely cautious and prepared for a cyber-related attack as our educational leaders and kids are doing their best to fit in educational content during this unpredictable pandemic. With a large percentage of schools closing in-person learning and opting for e-learning, cybercriminals once again are on the rise in taking advantage of this new scenario. They know all too well that the individuals behind e-learning are already vulnerable since this has never been done before.
Only weeks into the school year, many districts have already reported several cyberattacks and have even had to push back their start dates. The biggest attacks we’re seeing is through ransomware stemming from phishing emails. Ransomware especially continues to plague K-12 schools nationwide and won’t be slowing anytime soon. If you’re not familiar, ransomware is a type of malware that cybercriminals use to extort money from their victims while strategically encrypting user data and preventing them to access their files until said ransom is paid via virtual currency.
Unfortunately, school districts are seemingly easy targets because they must access their systems daily to complete their work. The ransomware is commonly spread by a phishing email that contains a malicious attachment – and just one click of that attachment by someone not paying attention or properly warned, the malware is installed and the infection spreads like wildfire.
This is why it’s extremely crucial as an organization to educate your employees and/or staff to be prepared for these types of attacks. We understand the chaos of transitioning to e-learning and how foreign it may be right now since it’s new territory, but we can’t forget the other risks associated with virtual learning and accessing systems remotely. We must always try to implement a security and awareness training program for all administrators, teachers, parents and children.
Here are some helpful tips to better protect online classrooms from ransomware attacks and phishing emails:
1. Back up all data and files – first and foremost (and this should always be done on your personal systems, too), back up your data! You might as well assume that bad things are going to happen, even when you don’t think they will. This allows you to be more prepared and proactive if a cyberattack were to occur. Always having a backup plan is one of the smartest and safest ways to help protect your data. Be sure to save any important files or data to an offsite backup location so they too don’t become infected.
2. Consider implementing automation – with the use of automation, this can help free up some time for the IT manager to stay ahead of any potential cyber threats and perform more monitoring rather than constantly babysitting the system’s protection. Automation will allow for better time management, eliminate the manipulation of paper documents, define business processes, identify unused resources, easily manage multiple teams and/or users, plus much more - the benefits are substantial.
3. Develop an identity management strategy – schools can no longer rely on just having a firewall and virtual private networks to keep their systems safe. Moving forward, it’s best to strategize a plan for proper identity management for all users including secured authorization and authentication codes for accessing programs and other data.
4. Scan and wipe – IT teams most definitely need to use software scanning programs that allow for detecting and flagging sensitive and high-risk information such as social security numbers, health records, and so forth. These scanning abilities and tools will also make it easier for the IT team to find any malicious content, misconfigurations, and vulnerabilities in their systems. In addition to scanning tools, districts distributing any devices to students must have remote wipe capabilities. With these mobile device management solutions, the remote wipe can track the phone and remotely erase data on the device if it were to become stolen or lost.
5. Be sure all the basics AND bases are covered – make sure the simplest and most effective security measures are accounted for such as properly configuring your system and devices to prevent an attacker from accessing sensitive data. And again referring back to security awareness and training programs – make sure all teachers and students are understanding cyber education especially since they’ll be using their devices from home and accessing software and applications outside of the school’s network - individuals need to be aware of the risks and the signs of malicious intent. And last but not least, make sure to always encrypt sensitive data to prevent unauthorized users from accessing that information.
If you have any other questions or need help properly securing your school district during this time, contact us at TechGuard - we're always here to help.