preloader

K-12 and Higher education institutions being targeted for cyber attacks

Often times higher education is not thought of being an industry targeted by cyber criminals for ransomware attacks, however nothing can be further from the truth.

K-12 schools are not going unscathed either from cyber attacks and will only get worse in the near future. A ransomware attack caused Albuquerque Public Schools, the largest district in New Mexico, to close down for two days in mid-January of 2022.

Lincoln College forced to close

One of the most extreme examples of a school being affected by a cyberattack is Lincoln College. After a 157 years of operation on May 13, 2022 the school was forced to close. Initially hit by the COVID-19 pandemic with limited recruitment the final blow came in the form of a severe ransomware attack that limited the faculty’s access to critical school data, making it even more difficult for the school to find new potential students and keeping the doors open.

Ransomware, a Disruptive Cyber Attack

Ransomware attacks, if successful can result in damage to institutional reputation, productivity, and the ability to operate for school institutions costing thousands of dollars if not prepared. While ransomware and other threats have been around for a while, tactics are evolving and growing to find new ways to penetrate an institution’s IT infrastructure and information systems.

Ransomware tends to happen when school institutions have not updated their IT infrastructure (servers and software) exploiting vulnerabilities, poor systems patching and weak endpoint protection. Institutions need to take a proactive approach by incorporating cyber-hygiene through patching or updating systems and increasing awareness through user training to prevent these types of attacks before they occur. Institutions also need to be prepared to respond when prevention fails.

 

  • Compromised communications due to phished or compromised email accounts
  • Inability to access firm information due to ransomware (i.e., where hackers encrypt files and demand money to restore access)
  • Public leaks of personal or business information (e.g., on social media)
  • Loss of public and client trust in your firm – reputational damage
  • Malpractice allegations and lawsuits

How Cybernon Helps K-12 & Higher Education

Third-party risk – those vendors who have access to the institution’s infrastructure – is also coming under scrutiny (as it should). For example, the vast majority of institutions use a student information system from a vendor, e.g., Salesforce, Oracle, Jenzabar, Ellucian, and those applications have detailed personal information on 1000s of students.

Now think of the SolarWinds hack – a nation-state hacked the company that updated 1000s of companies’ computer systems. If that were to happen to your SIS vendor, hackers could have access to literally millions of student records.  This is why institutions are beginning to take an inventory of third parties that the institution does business with through contracting, and ensuring that they have the proper cyber-hygiene procedures in place.

Leaders need to know what data is being provided to these third parties and contractually how that third party will use that information. Supply chains also can create risks as well.

 

  • Implementing a Cybersecurity Plan
  • Protecting your Firm’s Computers from Ransomware
  • Securing your Mobile Devices
  • Data Encryption in Cases of Theft
  • Data Backup – Disaster Recovery
  • Advanced Email Security
  • Improving Communication Practices
  • Vetting Legal Tech Vendors through 3rd Party Risk Assessments

Higher Education Third-Party Risk Management

Third-party risk – those vendors who have access to the institution’s infrastructure – is also coming under scrutiny (as it should). For example, the vast majority of institutions use a student information system from a vendor, e.g., Salesforce, Oracle, Jenzabar, Ellucian, and those applications have detailed personal information on 1000s of students.

Now think of the SolarWinds hack – a nation-state hacked the company that updated 1000s of companies’ computer systems. If that were to happen to your SIS vendor, hackers could have access to literally millions of student records.  This is why institutions are beginning to take an inventory of third parties that the institution does business with through contracting, and ensuring that they have the proper cyber-hygiene procedures in place.

Leaders need to know what data is being provided to these third parties and contractually how that third party will use that information. Supply chains also can create risks as well.

Contact Cybernon Today

We will answer all inquiries within 24 hours.