The following is a non-sponsored post written by NordVPN we felt worthy of posting:
The U.S. government issued a statement warning that cyberattacks are victimizing K-12 educational institutions. The security agencies have received numerous reports on ransomware incidents in which criminals threaten kindergartens and schools to leak stolen confidential student information to the public if these institutions don’t pay a ransom.
“The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” cautions Cybersecurity & Infrastructure Security Agency (CISA).
“Due to the global pandemic, remote learning is gaining momentum, and so is malicious cyber activity. Unfortunately, educational institutions, especially schools and kindergartens, are not ready for this,” says Oliver Noble, a cybersecurity expert at NordLocker, an encryption-powered data protection solution.
What makes the education sector so attractive to hackers?
The COVID-19 pandemic has forced many students to shift to remote learning, which can’t guarantee security and privacy. According to Oliver Noble, the chaos provides hackers with new ways to attack students and teachers: for example, online classrooms get “zoombombed” by disruptive outsiders. “There’s also an increase in phishing emails that trick students and their parents into giving away personal information to hackers who impersonate school staff,” says the expert.
Schools and kindergartens usually lack digital protection, and their systems might run on outdated software. “Hackers look for the weakest link, and unpatched vulnerabilities in an organization’s system or unsecured Wi-Fi networks don’t usually take long to find,” Oliver Noble warns.
You might think — why would a hacker need some student’s information? A student’s stolen Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. This is very appealing to hackers who sell stolen credentials and PII (personally identifiable information) on the dark web.
What practical measures can educational institutions take to protect themselves?
According to Oliver Noble, to protect the data of their students and employees, schools and kindergartens should implement the following:
- Secure Wi-Fi network. Students, teachers, and even administration staff should operate on separate networks to limit access and restrict breaches to one network at a time. Hide names of administrative networks from lists of available connections and protect all routers with strong and unique passwords.
- Adopt zero-trust network access, meaning that every access request to digital school resources by a member of staff should be granted only after their identity has been appropriately verified.
- Encrypt files with staff and students’ PII to avoid data leaks in ransomware. User-friendly encryption solutions like NordLocker make sure important information stored on the organization’s computers is always protected from prying eyes with strong encryption. The tool also offers a private encrypted cloud for easy access and secure data storage.
- Have up-to-date backups available to keep the chances of data loss as slim as possible. If an attack is successful, there will still be an unaffected older version of the files. Again, a cloud solution for schools is a great way to back up data.
- Educate teachers and administration staff on cybersecurity. Since ransomware attacks usually start with a phishing email, awareness and education will help employees recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.
- Use a VPN for a safe internet connection. To avoid outside risks, teachers and administration staff need a secure connection, and here’s where a VPN (Virtual Private Network) comes into play. It creates a secure encrypted tunnel between an employee’s device and the internet. A VPN protects the connection from third-party access, including hackers ready to breach the system.