4 steps to combat ransomware in schools

The rise of ransomware is increasingly troubling, but a few smart steps can help educators keep their schools protected

Walking through the parking lot, your office manager sees a USB flash drive labeled “Teacher Cutbacks” on the ground.

Your lead teacher receives an email that appears to be from your IT person requesting a password reset.

Your custodian sees a flyer advertising a free meal for school employees and uses his phone to access the QR code at the bottom.

These real-life scenarios all could lead to your school or network’s data and operations software being held ransom by hackers. This form of cyberattack is known as ransomware, and it represents a growing threat to K-12 schools, including charter schools.

Education technology researcher Doug Levin noted that “the number of charter schools that experienced [cyber] incidents reached an all-time high during 2020 (equating to 11 percent of all incidents experienced during 2020).”

In a ransomware attack, hackers use malicious software to lock out organizations from their data and systems, including email and video conference tools, to extort increasingly large sums of money. Projected losses from ransomware attacks in 2020 are expected to top $20 billion dollars. Schools are a popular target for ransomware attacks because their data is valuable, and their cyber security is often lax.

As schools were struggling to respond to the global health pandemic last year, switching to remote learning and ensuring all kids had access to the online tools they needed, hackers recognized a vulnerability. Ransomware results in the loss of thousands of hours of learning each year–loss compounded as many students fall further behind because of the pandemic.

In December, the FBI and other federal agencies sounded the alarm. “Adopting tactics previously leveraged against business and industry, ransomware actors have … stolen—and threatened to leak–confidential student data to the public unless institutions pay a ransom,” they warned.

At nonprofit CharterSAFE, we have helped our charter school members resolve ransomware demands up to $400,000, and we are seeing trends in the scholastic sector of even higher demands. Then, there’s the additional costs of expert negotiation with the hackers and all the investigative work afterwards on what data was accessed and its sensitivity.

Given the rise of ransomware and other cyber threats to K-12 schools, leaders should take the following steps to protect their school data from black hat hackers.

  1. Use Multi-Factor Authentication (MFA). You’ve likely used this extra layer of protection before. MFA is an effective way to require additional pieces of evidence to prove your identity. Let’s say that someone figured out the password to access staff emails. Before the hackers could fully log in, MFA would require the hackers to go through an added step and input a real-time code to a system that only staff have access to.
  2. Duplicate Data. What would happen if you suddenly lost access to your online gradebook, attendance records, parent and guardian contact information, or employee payment records? To avoid that scenario, schools and networks can duplicate their critical data daily and protect that data from criminals by keeping it off the web. An example could be using two different networks, servers, or domains with different credentials and access to segregate the data and store it in two separate places in case something happens.
  3. Train Your Staff. Would your office manager recognize that thumb drive labeled “Teacher Cutbacks” as an attempt at social engineering, possibly leading to the transfer of malware onto your network’s computers? The State of California offers free staff training in combating social engineering and phishing for all public schools.
  4. Get Cyber Liability Coverage. How would your school or network handle a six-figure ransomware loss? You can make sure your school has cyber liability coverage. However, as the cost of ransomware attacks rises, coverage of cyber incidents available to schools becomes significantly limited. The insurance market will only provide coverage if there are safety precautions–like those outlined above – in place to reduce the chance and cost of ransomware.

The truth is, as ransomware and cyberattacks become increasingly more aggressive, so too must our protective measures. By taking the steps outlined above, school leaders will immediately make accessing their data much harder for the hacker and will strengthen the safety of their school community’s data for years to come.

eSchool Media Contributors