With the new school year beginning, ransomware attacks have spiked in K-12, and small districts are a favorite target as a result of being rich in information and low on security, District Administration reports.
Three school districts in Louisiana were attacked last month, causing the governor to issue a statewide emergency. Since January 2016, school districts have been hit with 533 cyber incidents.
In terms of cybersecurity, the education sector is ranked last on a list of 17 industries, as schools struggle with endpoint security, patching, application security and network security.
With each school record going for about $250 to $300 on the black market, schools are a particularly lucrative market for hackers. In education, one of the biggest risks to cybersecurity is a student, faculty or staff member clicking on a phishing link. Training should include how to spot malicious links or phishing emails, in addition to reminders to never share personal information, like addresses or birth dates, about themselves or students.
The Metropolitan School District of Wayne Township in Indianapolis uses a phishing simulation to test employees. Those who click on the suspicious link will be treated to a 3-minute training video that demonstrates how to spot red flags in emails. Those who don’t figure it out the first time — and fall for the email trick later in the year — are treated to a longer video and maybe even some in-person training.
All the prevention is worth it, however, if it prevents an attack, as experts say the end user is ultimately the weakest link in cybersecurity defenses.
In July, the small, rural Moses Lake School District in Washington state was struck by a ransomware attack that originated from an IP address in Russia. The district’s anti-malware system failed after a staff member clicked on an email link, and though district IT staff were immediately alerted, the virus still infected 50 workstations. IT staff had to go around unplugging every server from the network, and the district is still recovering from the attack.