Whether
you are a teacher, parent, IT professional or student, you have witnessed the
extraordinary transition the education sector has recently undergone. Despite
our schools having already facilitated distance, digital and remote learning
for some years now, there is no doubt that the global lockdown has acted as a
catalyst for further rapid and momentous change.
As our systems
continue to evolve, it is crucial that our data security strategy advances at
the same speed. This means ensuring watertight protection of educational data
against one of the most common forms of attack, ransomware.
Data collected on students, staff and teachers may be highly personal or
sensitive and could include student performance data, demographic
characteristics, or responses to surveys. This data is attractive to a
potential hacker because they understand the impact a data breach could have on
an institution’s reputation, and therefore see a better chance of obtaining
a ransom for their crime.
If proactive rather than reactive precautions are taken, this face-off might
never be necessary. IT teams within schools should consider building a data
protection strategy on a foundation of education, implementation and
remediation, so that it is impermeable from the word go.
Understanding the risks
The journey of understanding
starts after the threat actors are identified. Remote desktop protocol (RDP) or
other remote access tools, phishing and software updates are the three main mechanisms
for entry. Knowing this could help your institution focus its investment
strategically, enabling maximum resilience against ransomware from an attack
vector perspective.
Most IT administrators use
RDP for their daily work, with many RDP servers still directly connected to the
Internet. As a result, over half of ransomware attacks currently use RDP as an
entry pathway. Those not gaining access via RDP may instead choose phishing
email as their method. If you are ever unsure whether you have received a
phishing email, there are two popular tools that can help assess the risk to
your organization. These are Gophish and KnowBe4. It is also essential to keep in
mind the need to update critical categories of IT assets such as operating
systems, applications, databases and device firmware. Extend this thorough
approach to data centres, too, as they can be just as susceptible to attack as
the data housed on-site.
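One way to check your own estate for the Internet-facing RDP described above, as an added example that is not part of the original article: the script audits an exported inbound firewall rule list for allow rules that let a non-internal source reach port 3389. The rule format, rule names and the list of internal ranges are assumptions made for illustration.

```python
import ipaddress

RDP_PORT = 3389

# Assumption: address ranges this institution treats as internal (campus LAN, VPN).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample export (hypothetical format: one dict per inbound rule).
SAMPLE_RULES = [
    {"name": "admin-rdp-any", "action": "allow", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-via-vpn", "action": "allow", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "wide-range", "action": "allow", "proto": "tcp", "ports": "3000-4000", "source": "::/0"},
    {"name": "web", "action": "allow", "proto": "tcp", "ports": "80,443", "source": "0.0.0.0/0"},
    {"name": "rdp-udp-partner", "action": "allow", "proto": "udp", "ports": "3389", "source": "203.0.113.0/24"},
    {"name": "blocked-rdp", "action": "deny", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
]

def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as '80,443', '3000-4000' or 'any' includes the port."""
    for part in spec.replace(" ", "").split(","):
        if part in ("any", "*"):
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_external_source(cidr):
    """True unless the source network lies wholly inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_rdp_rules(rules):
    """Return (rule name, source) for allow rules that let an external source reach RDP.
    Rule ordering and deny precedence are not modelled; each allow rule is judged alone."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] not in ("tcp", "udp", "any"):
            continue
        if covers_port(r["ports"]) and is_external_source(r["source"]):
            findings.append((r["name"], r["source"]))
    return findings

if __name__ == "__main__":
    for name, src in exposed_rdp_rules(SAMPLE_RULES):
        print(f"RDP reachable from {src}: rule {name}")
```

Rules that expose 3389 only as part of a wide port range or over IPv6 are flagged as well, since these are easy to miss in a manual review.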
Implementation
When it comes to a
ransomware attack, resiliency hinges on how the backup solution is
implemented, the behaviour of the threat and the course of remediation. As an
important part of ransomware resiliency, implementation of backup
infrastructure is a critical step.
Backup repositories are an
essential storage resource when it comes to ransomware
resiliency, so it is recommended that those within the organisation are not
permitted access to them. Insiders having the permissions to access this
data could lead to potential leaks outside of the organisation, so it is
recommended that these responsibilities are managed by a third party, where
possible.
Remediation
Despite ensuring your
institution is educated around the threats of ransomware and implements the
correct techniques accordingly, you should always be prepared to remediate a
threat where necessary.
If you do suffer an attack,
your next steps to remediating ransomware are:
- Do not pay the ransom.
- The only option is to restore data.
One of the hardest parts of
recovering from a hack is decision authority. Make sure you have a clear
protocol in place that establishes who will make the call to restore or to fail
over your data in the event of a disaster. Within these business discussions,
agree on a list of security, incident response and identity management contacts
that you can call on if needed. When a breach happens, time is of the essence,
so you will thank yourself for having prepared in advance.
Much like you would invest
in insurance for your home, you should consider backup an investment in the
same vein. It is something you hope never to need, but if the worst happens,
your institution is protected, and your staff and students’ data is safe. By
properly educating your colleagues on the risks, implementing the appropriate
infrastructure and having the appropriate remediation protocols in place, you
will not only increase your resiliency against ransomware attacks but also
avoid data loss, financial costs or reputation damage to your school.