Ransomware Targets Education: How Do You Protect Your Data?

Ransomware attacks are on the rise, and not just in business and government — they also increasingly occur in education. In fact, in a warning issued on Jan. 31, 2018, the FBI and the Department of Education inspector General stated that hackers have tried to sell over 100 million private records from almost 100 schools and businesses as of the end of last year. Overall, more than 63% of organizations experienced an attempted ransomware attack in 2017, with 22% reporting these incidents occurred on a weekly basis, according to ESG Research.

Why educational institutions? It’s because data in education is largely unprotected, and can contain sensitive data such as Social Security numbers, birth dates, and even student loan data, making it an easy-to-access, lucrative target.

Ransomware attacks are a serious issue for schools, with significant compliance and legal ramifications. For example:

  • In 2016, the University of Central Florida (UCF) was sued for a data breach impacting the personal information of 63,000 individuals, both students and faculty.
  • Two-thirds of UK universities have been attacked by ransomware hackers.
  • A cyberattack on a UCLA server likely accessed student information.

Because many K-12 districts have small technology budgets, have fewer resources to support cybersecurity, and have relatively open “Bring Your Own Device” policies, it’s a challenge to protect school districts from ransomware. Universities and colleges face similar resource constraints, and similar situations. All educational institutions, however, must do a better job of protecting their networks and data.

Ransomware Attacks

How Does Ransomware Enter the System?

  1. Human error: Despite end user training in security best practices, people still click on phishing emails and related attachments that can launch ransomware.
  2. BYOD connections: Even if your networks and systems are protected, malware can infect it via unprotected devices and endpoints – phones, laptops/notebooks, tablets, USBs – that end users may connect to your systems in a more open “Bring Your Own Device” environment.
  3. Third-party software or file-sharing networks: The recent Petya ransomware attack (similar to the WannaCry attacks) were seeded through a software update mechanism built into a third-party accounting program. And if your organization uses collaboration suites like G Suite or Office 365, shared files can become vectors for malware proliferation.

But G Suite and Office 365 Are Secure – Right?

If you work for one of the many thousands of educational organizations currently using G Suite or Office 365, you benefit from the agility, flexibility and collaboration they provide.

Google and Microsoft’s productivity suites are secure and offer some disaster recovery capabilities – including recovery from their disasters (like server failure or natural disasters), not yours.

That means you are not protected from data loss if any of these scenarios happen to you:

  • A colleague inadvertently overwrites, destroys, deletes or moves another’s work while collaborating in Drive or OneDrive.
  • When migrating to a new device, data becomes corrupted when a synchronization process overwrites or removes good data.
  • A malicious employee does the unthinkable and deletes data, then purges the recycle bin.
  • A professor accidentally deletes the folder containing their syllabus and course details.
  • Or…if a ransomware attack locks not just one document, but EVERY DOCUMENT in a shared folder at compute speed.

Do You Really Need a Backup and Restore Solution?

Your data is valuable and vital to your organization’s success. You need to be able to rapidly restore back to the last known good version of data in the event of data loss.

“Nearly every SaaS provider explicitly states in its terms and conditions that clients are responsible for protecting their own data. You must plan data protection for every new SaaS service to which you subscribe.” – Naveen Chhabra, Forrester, Back Up Your SaaS Data — Because Most SaaS Providers Don’t

Here’s a few reasons why SaaS data loss is a growing risk.

  • Ransomware is on the rise, especially in education: Educational institutions have been shown to have three times the rate of ransomware infections found in Healthcare, and 10 times the rate found in Finance. One in 10 educational institutions surveyed reported some form of ransomware on their networks, according to BitSight.
  • Human error is significant: Human error is the leading cause of data loss in SaaS applications. How long would it take your organization to recover if critical information about student performance, or an institution-wide collaborative project, was lost?
  • As technology adoption increases, sync errors will only increase. As educators use an increasing number of apps and devices, sync errors and resulting data loss will grow in frequency and severity of impact.
  • G Suite needs backup that enables fast restore. Google says, “You have a limited time from when the data was permanently deleted to restore files and messages. After that, the data is gone forever.”
  • eDiscovery tools are not the same as backup and restore solutions. Google Vault and Microsoft Office 365 eDiscovery are designed to meet archival and compliance needs, but not backup and recovery needs.

It’s clear that your data is your responsibility: While Google and Microsoft can protect your organization from issues on their side, they cannot protect your organization from human error, sync errors, or malware and ransomware.

How do Backup and Recovery Solutions Help?

EdWeek reports that backup is the key component in reducing the risk of data loss from ransomware and other issues. A cloud-based backup and recovery solution acts as a digital insurance policy, filling in the human error and sync error gaps in your data protection plan, and providing a secure, off-site location for backups. They help your organization mitigate the risk of loss from ransomware by automating backups, and enabling rapid restores to the last known good point in time.

If malware does infect your network and you are locked out of your files, or if a hacker corrupts or deletes critical data, the best cloud-based backup and recovery solutions enable rapid restores of clean versions of the files, emails, contacts, and other information you need to keep your institution up and running and meeting its mission.

Whitepaper: Preventing A Ransomware Disaster



This is a Security Bloggers Network syndicated blog post authored by Brian Rutledge. Read the original post at: Spanning