Taking a brief break from the usual focus on instructional technology to share a quick reminder on how to work to get ahead of the curve with ransomware. It is well worth doing! Be proactive to defeat this threat before it takes you down! Thanks to Mike Bianco for the post. – kilowatts
Nobody wants to imagine the headlines and consequences of a ransomware attack. However, preparing for such an event is crucial in order to escape with your data intact and without paying a ransom to attackers. More than 56% of K12 educational organizations experienced ransomware attacks between 2020 and 2021, with an average cost of more than $265,000.
To help create a strategy, break the planning down into different stages of a hypothetical attack. Here’s how to prepare to weather the storm.
Before an attack occurs
No one has ever regretted implementing best practices. If you don’t already have an incident response plan, create one now.
Implement the principle of least privilege. If someone manages to infiltrate the systems, their credentials will ideally not be sufficient to access valuable data.
Endpoint Detection and Response (EDR) is much more than just antivirus software! Monitoring the health and security of each endpoint (read: a network-connected device) focuses on the nooks and crannies that criminals expect you to neglect.
Stay up to date with software patches – they make a difference and protect your network from exposure. In 2022, more than 22.5 thousand new common IT vulnerabilities and exposures were discovered, a new record.
Data backup follows the 3-2-1 rule: 3 copies, 2 different media formats, 1 offsite. Then test it!
82% of breaches in 2021 involved the human element. 35% involved the use of email. You can expect between 7 and 10% of real phishing emails to filter through your blocking systems, so practice is important. (Did you know that some are written by your own students?)
Make security training a regular part of life. Include incentives for completing the training well, such as digital badges, leaderboards, and certificates. With regular practice using KnowBe4 training programs, districts have gone from a 32% failure rate in phishing tests to a 4% failure rate. Additionally, some cyber insurance programs require proof of training and supporting data.
What do I do if I suspect a phishing or ransomware email?
Decide the course of action in advance; for almost all users, this will be to contact internal IT and follow their instructions.
What to do during a ransomware attack:
Front Users:
It is important that users know what to do before an attack occurs.
Number 1: Contact IT right away.
Most people’s roles will stop after that, but they still need to be told what to do in the meantime and how to communicate with their own stakeholders and students. To that end, inform the people who interact with the community (administrative assistants, teachers, etc.) about the situation and the public relations team’s unified messaging.
End users:
Enact your district’s incident response plan.
Disconnect and isolate infected systems, but do not turn off the devices.
Locate patient zero to identify the source and type of breach.
Contact your cyber insurance provider, the authorities, response teams, and public relations.
Meet with vendors: work together, stay informed, and evaluate options for moving forward.
Record facts and archive them for a later retrospective.
After a ransomware attack
Bad guys leave backdoors, so never reuse compromised systems. Instead, rebuild them after verifying that it is safe to do so.
Get help from your providers (like Skyward). There may be nuances that are critical to getting your systems up and running again.
Learn from it: How did the attackers get past? Re-evaluate policies and make changes to block copycats and repeat attacks.
Make retrospective questions standard and include notes and comments from the provider. Keep these facts and findings organized and confidential, but allow transparency to stakeholder teams. Knowledge is power and data is private.
Be prepared! Create an incident response plan tailored to your district. Share and practice the plan with your stakeholders. By taking the time to prepare, you’ll eliminate headaches down the road. While we can’t stop bad actors from targeting school data, we can definitely prepare as best we can.
Empower everyone to be a cyber hero!