Cyber Security and Education: The Ransomware Curse

by | Oct 21, 2019 | Security | 0 comments

When you think of the targets of cyber crime, educational institutions don’t always make the top of the list, but they should. In this 3-part webinar series, Tim Hohman and Bruce Ward hosted a series of 30-minute webinars to explain why schools not only should, but NEED to start being proactive with their cyber security practices.

Part 1: The Ransomware Curse

On October 17th, Tim and Bruce discussed five key things to consider when discussing the relationship of cyber security and education. Specifically focusing on the scourge of ransomware in education. Below we will cover the ways ransomware can infect a system, what makes schools the perfect target, and the consequences of an attack.

If you would like to learn when you should pay the ransom, and how to prevent an attack, scroll to the bottom of this blog and watch the full-length recap!

Methods of Attack

To keep it simple, there are 5 ways ransomware can infect your network:

  1. Infected Attachments – people click on infected attachments without thinking twice. Some are pretty obvious, coming from a funky email address or in an email with a large number of typos, other times they look like they are coming from a trusted source. Be careful!
  2. Compromised Credentials – Ransomware attacks are premeditated. Hackers usually have been monitoring systems for months, waiting for the perfect time to strike. Most commonly, when an employee is granted higher-level access. Monitoring who has access to what is a great way to mitigate risk.
  3. Unknown Flash Drives – seems silly doesn’t it? Unfortunately, this is a pretty common way ransomware can infect a system. Many times, victims will pick up a USB drive, plug it into their computer, click a file, and Bam! they’re infected. Simple solution: just don’t do it.
  4. Malvertising – the latest and most deceptive of them all. This is a form of attack where victims get an email with a reward for filling out a survey. It sounds a lot like an incentive for customer feedback, doesn’t it? That’s why it’s so important to check the email address and verify it. If you can’t verify, DON’T CLICK.
  5. Bad Antivirus OR Un-patched Systems – Equal parts bad and fixable. If you aren’t sure what antivirus to choose, call your Managed Service Provider (MSP), they’re happy to help! If you don’t have an MSP register for Part 3: Who You Gonna Call? We’ll be discussing what you can do to create your very own action plan and how to pick the right MSP for you.

Why Schools?

Most people assume that schools, public and private, have a high barrier to entry and Fort Knox level cyber security. After all, they are protecting highly sensitive information, like student and faculty identity. Schools are even perceived as gateways to larger state accounts based on who they interact with. Key decision makers such as superintendents and school boards, to name a few. So they should have air tight policies in place to prevent an attack, right?

In an ideal world, yes. Unfortunately, the reality is many schools simply don’t have the bandwidth or means to do so. Tim pointed out two key areas you can focus on today that will better equip you to ward off attacks. Read more about what makes schools vulnerable here.

Consequences of an Attack

Like many other ransomware victims, you likely won’t know you’ve been attacked until its too late. That’s not to say that ransomware is a death sentence, but it shouldn’t be taken lightly either. Here are five consequences of an attack:

  1. Liability – Districts and school leaders are held accountable for network breaches and can be sued. Many schools are taking extra steps to monitor their system and invest in Cyber Security Insurance.
  2. Legal Requirements – Every year student and faculty members must share medical information with nurses and school officials. To ensure safety and to provide corroboration for many state and federal laws, keeping a watchful eye on this data to make sure the school operates in a compliant fashion is crucial.
  3. Reputation – If a school comes under-fire for ransomware, their reputation is at risk. The likelihood of students jumping ship and taking alternate attendance will climb and the number of new students will descend.
  4. Teaching & Learning – In today’s modern age, technology is no stranger to the classroom. When ransomware strikes, this stifles teachers’ ability to do basic tasks like taking attendance and grading papers. Depending on how long the school is out-of-commission, this can even affect payroll.
  5. Student Digital Records – Some attacks are focused on stealing money, but others are focused on changing or stealing data. If an attack is designed to alter student information, this could affect that student’s future. Risking their ability to apply for employment and college.

Learn how you can prevent future attacks and when you should pay the ransom by watching the full webinar below.

Follow along with the slide deck!

Do you still have some burning questions cyber security and education? Reach out to us, we’re here to help. Give us a call at 630.832.0075. We are happy to chat. Not a fan of talking on the phone? No problem! You can send your questions to – we will get back to you as soon as we can.