Schools targeted by fraudsters posing as government officials - 5 steps to stay secure!
It is becoming very apparent that the education sector is going to be extremely lucky if it’s to dodge a ransomware outbreak in 2018, with fraudsters persistently targeting schools as recently was reported by Action Fraud – the National Fraud & Cyber Crime Reporting Centre.
It’s essential that schools face up to this very real risk and take the necessary (and often simple) measures to offset the threat of a ransomware attack infecting their systems.
With new strains of attack being continuously developed, traditional security is no longer guaranteed. Many schools are asking what are the options to protect their network? However due to lack of preparation they will be left with no other alternative than to pay the ransom to restore the encrypted data – despite there being basic means for ensuring this is avoided.
How Schools are falling victim to malware:
Ransomware has become one of the fastest-growing threats globally, with 2000%+ increase in incidents in the last 12 months alone, and the education sector is being targeted by online scammers to exploit security flaws and hold critical classroom and pupil data ‘to ransom’. Unless Headteachers are willing to pay a hefty ransom to release the files, full system deletion is the result.
Typically, the ransomware would be downloaded by teachers, admin staff, management or other staff members with access to the school’s IT network, who click on a seemingly-innocent link within an unsolicited e-mail, only to find the software has taken control of their computer, locking users out until the school finds the funds for the encrypted files to be reversed.
The most well-known and widespread ransomware attack, the ‘Wannacry’ virus, affected over a quarter of a million machines last year, using asymmetric encryption to prevent victims of the software from recovering the key required to decrypt their data.
As a previously untargeted sector, many staff and students are not alert to the emerging threat of ransomware, and this understandable innocence is the loophole which potential cyber scammers are currently exploiting. Action Fraud warns scams are being successful by fraudsters cold-calling to schools posing as a so-called ‘Department of Education’ official. They then request contact details for the Head teacher or administrator responsible for the school’s IT suite.
The phone call is followed by an email containing apparent ‘guidance forms’, such as exam protocol or pupil mental health assessment forms. Emails contain an attachment (usually a ‘zip’ file), disguised as a Microsoft Office document. As soon as it is downloaded, it installs the ransomware which then encrypts files on the system, and demands money in order to allow the recovery of the files.
5 essential steps for protecting your school against ransomware attacks
With the unpredictable nature of ransomware attacks, it is becoming increasingly challenging for schools to guarantee protection. By implementing the following measures, you will however maximise cyber security and inhibit vulnerabilities at your school:
- Educate Staff : Check any unsolicited emails carefully and be vigilant for grammatical and spelling errors, or addresses which do not reflect verified and common domain names. Make staff aware of the impact of these threats and their role in protecting school systems.
- Implement robust e-mail protection solutions to ensure as many threats as possible are filtered out before reaching user mailboxes.
- Maintain a reliable anti-virus software on all machines, and ensure that updates are installed as soon as they become available
- Refuse to click on any attachments within unsolicited emails without first verifying the identity of the sender to check that it is genuine by a method other than e-mail.
- Create backups of all important documents and files regularly, ideally creating an offsite replication of your data, which can be restored quickly in the event of a disaster happening.
If you have not yet adopted measures to protect your school from a potential ransomware attack, addNETWORKS can help. Our recommended technology partner, StorageCraft has been the bedrock of Disaster Recovery solutions for over ten years, across four continents. We have developed a comprehensive Backup solution for the education sector, which is cost effective and will restore data in the event of a ransomware attack.
To find out more about how we will keep your school secure and your data safe, contact us today: