K-12 & Higher Education
Often times higher education is not thought of being an industry targeted by cyber criminals for ransomware attacks, however nothing can be further from the truth.
K-12 schools are not going unscathed either from cyber attacks and will only get worse in the near future. A ransomware attack caused Albuquerque Public Schools, the largest district in New Mexico, to close down for two days in mid-January of 2022.
Ransomware, a Disruptive Cyber Attack
Ransomware attacks, if successful can result in damage to institutional reputation, productivity, and the ability to operate for school institutions costing thousands of dollars if not prepared. While ransomware and other threats have been around for a while, tactics are evolving and growing to find new ways to penetrate an institution’s IT infrastructure and information systems.
Ransomware tends to happen when school institutions have not updated their IT infrastructure (servers and software) exploiting vulnerabilities, poor systems patching and weak endpoint protection. Institutions need to take a proactive approach by incorporating cyber-hygiene through patching or updating systems and increasing awareness through user training to prevent these types of attacks before they occur. Institutions also need to be prepared to respond when prevention fails.
- Compromised communications due to phished or compromised email accounts
- Inability to access firm information due to ransomware (i.e., where hackers encrypt files and demand money to restore access)
- Public leaks of personal or business information (e.g., on social media)
- Loss of public and client trust in your firm – reputational damage
- Malpractice allegations and lawsuits
How Cybernon Helps K-12 & Higher Education
Third-party risk – those vendors who have access to the institution’s infrastructure – is also coming under scrutiny (as it should). For example, the vast majority of institutions use a student information system from a vendor, e.g., Salesforce, Oracle, Jenzabar, Ellucian, and those applications have detailed personal information on 1000s of students.
Now think of the SolarWinds hack – a nation-state hacked the company that updated 1000s of companies’ computer systems. If that were to happen to your SIS vendor, hackers could have access to literally millions of student records. This is why institutions are beginning to take an inventory of third parties that the institution does business with through contracting, and ensuring that they have the proper cyber-hygiene procedures in place.
Leaders need to know what data is being provided to these third parties and contractually how that third party will use that information. Supply chains also can create risks as well.
- Implementing a Cybersecurity Plan
- Protecting your Firm’s Computers from Ransomware
- Securing your Mobile Devices
- Data Encryption in Cases of Theft
- Data Backup – Disaster Recovery
- Advanced Email Security
- Improving Communication Practices
- Vetting Legal Tech Vendors through 3rd Party Risk Assessments