Expert Viewpoint

Why Educational Institutions are Prone to Ransomware Attacks (and What They Can Do to Protect Themselves)

• By Sam Manjarres
• 12/13/22

Ransomware is the most significant information security threat in the education sector, and K–12 schools and colleges and universities are both targets.  For example, Los Angeles Unified School District, the second largest district in the U.S. with more than 1,000 schools and 600,000 students, was recently hit by a ransomware attack, disrupting access to its IT systems. Following a cyber-attack in December 2021, Lincoln College had to shut down the following May as all systems required for recruitment, retention and fundraising efforts were still inoperable. But why are educational systems an enticing target for ransomware attacks, and how can they improve their cyber defenses?

Before addressing defense tips, let’s first review why educational institutions are targeted by hackers. First, at the K–12 level, many school systems are underfunded and can’t afford the same sophisticated cyber-defenses that protect businesses. Few have dedicated teams of cybersecurity professionals. Schools often rely on older, more vulnerable IT systems that aren’t patched or updated on a regular basis. And with services exposed to the Internet, as well as teachers and students using their own computers and devices to log in remotely, school systems present a large attack surface for hackers to exploit. Many of these problems also exist at the college level.

Second, schools and colleges find themselves with little recourse but to pay if they’re hit with a ransomware attack. When attackers infiltrate a school district’s network, they can lock employees out of computers and systems while gaining access to valuable and sensitive personal information. Most schools and systems don’t have the technical sophistication to recover data in the event of a breach. For administrators, the desire to avoid disrupting classrooms coupled with the possible consequences of an online data leak creates massive pressure to pay ransoms (which have gone as high as half a million dollars).

In short, the combination of being soft targets and having a higher propensity to pay makes schools almost irresistible to hackers.

Despite the growing cyber threat, however, there are effective strategies for making schools more secure (especially in the era of hybrid learning) and ways to improve threat detection and prevention.

The first step is to prioritize ransomware awareness among school administration, teachers and students. Introducing security concepts through awareness training programs can help users to adopt safe practices when accessing computers, systems and login credentials.

Critical security awareness education should include:

• Detecting phishing attempts (in which attackers attempt to trick users into providing their login credentials);

• Using email security best practices (detecting emails from malicious actors);

• Avoiding weak or exposed passwords; and

• Reporting incidents to the IT department.

Another important strategy for reducing the cyber risk to schools and minimize the threat of ransomware is to prioritize the implementation of tools for:

Content Filtering: This includes blocking restricted content and additional capabilities to prevent access to websites, emails, or files that can lead to vulnerabilities and incidents. These restrictions provide excellent protection against threats and support adherence to compliance regulations, such as the Children’s Internet Protection Act (CIPA). Content filtering can be deployed using hardware appliances or software as a service (SaaS).

Monitoring Access: Visibility tools that can track and expose threats and identify user behavior contributing to a compromised network are a must-have for achieving compliance. Monitoring network security threats, issues and trends accelerate the ability to eliminate threats, set meaningful security policies across the network, and meet critical compliance mandates.

Multi-factor authentication (MFA): Password-only authentication systems are inherently weak and stolen credentials are often used in ransomware attacks. MFA requires additional verification (such as a biometric like a fingerprint or entering a code on a recognized mobile device) before a user is granted access to a network or data. Educational institutions should implement MFA alongside any bring your own device (BYOD) program to protect user access. Look for a solution with an optimal user experience that can make it easy to enable authentication right from a user’s own phone after a simple install and activation.

Secure WiFi: WiFi is critical to enable learning, admin, and teaching duties in a school setting. To deliver secure Internet access, focus on private networks and access points that can handle density without risks. Consider Cloud-managed WiFi solutions for optimized performance, greater visibility and reporting.

A final strategy for protecting educational systems is having a well established backup and disaster recovery plan. That means identifying the most sensitive files to be backed up, as well as which back-up files need to be secured offline. In addition, individual schools should have their own back-up. When it comes to backups, consider the 3-2-1 rule:

3. Keep three copies of any important files: one primary and two back-ups.

2. Keep the back-up files on two different storage media.

1. Store one copy offsite.

Also, remember that for a disaster recovery plan to be truly effective, practice makes perfect. Don’t wait until a ransomware attack occurs to find out whether your plan actually works.

As schools continue adapting to hybrid learning, e-learning, and other more flexible student learning experiences, threat actors will likely continue to take advantage of educational systems. It’s paramount for K–12 schools and high educational institutions to discuss and implement strategies to secure hybrid learning, threat detection and prevention and create awareness training for all levels of employees and students. It’s also just as crucial for individuals outside of the education sector to support the initiatives that empower schools with the tools and resources to enable a secure learning environment so communities can learn anywhere, anytime.