IT Director answering her phone: "Hello, Yvonne here. How can I help you?"
Finance Assistant: "Yvonne! My computer's got something wrong with it. Everything's frozen and I can't access QuickBooks. And there's a message on my screen saying it's been hacked. What do I do?"
This scenario is a lot more common than you think. Ransomware attacks strike large organizations and small ones. While you wouldn't think private schools would be vulnerable to such attacks, they are just as exposed as a Fortune 500 company. Although I have earned IT certifications over the years, you and I are going to listen to what the experts in the IT security field have to say about ransomware, and, most importantly, how to protect your school from these unwelcome attacks.
What is ransomware?
The United States Government's Stop Ransomware website defines ransomware as follows: "Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption."
This video explains ransomware.
"It couldn't happen in my school."
Why should your private school be concerned about ransomware? After all, your school is such a small organization. Why would anybody attack our school? Another security expert tells you why.
cWatch explains why hackers do what they do: "Some common reasons for hacking include basic bragging rights, curiosity, revenge, boredom, challenge, theft for financial gain, sabotage, vandalism, corporate espionage, blackmail, and extortion. Hackers are known to regularly cite these reasons to explain their behavior."
Now, when hackers attack your school computers, you could find yourself unable to access the data you use to run your school. Financial and student records, as well as a host of other critical data, will be unavailable until you pay the ransom that the hackers demand. Unfortunately, typical ransom demands can be very expensive and time-sensitive. You will have as little time as 48 hours to pay or lose your valuable data.
Caitlin Jones writing in Expert Insights states: "Headlines tend to feature high-profile attacks on large enterprises that end up costing the organizations billions to resolve. But we often don’t hear about the 46% of small businesses that are targeted by ransomware (2020 Data Breach Investigations Report, Verizon). SMBs are just as at risk as large corporations with a lot to lose, simply for the fact that they often don’t have the budget or infrastructure to invest in sophisticated security platforms and the latest technology updates. This makes them an easy target for cybercriminals looking for vulnerabilities to exploit, such as unpatched software. The notorious 2017 WannaCry ransomware attack spread in exactly this way: it targeted organizations that didn’t roll out the latest Windows patch."
Signs that you have been attacked
RSI Security offers five signs that your computer has been hacked.
- An inexplicable slowdown in workstation or network activities
- Any suspicious changes to files, file names, or locations
- Unauthorized or previously undetected extraction of data
- Unrecognized or otherwise out of place file encryption
- Explicit splash screen messaging indicating an attack
If you suspect that your computer has been compromised, notify your IT staff immediately. Don't pretend that there's nothing wrong. Have your IT people evaluate the situation promptly. I won't get technical here, except to say that IT professionals know how to deal with ransomware.
How to fix a ransomware attack
Malwarebytes states: "They say an ounce of prevention is worth a pound of cure. This is certainly true when it comes to ransomware. If an attacker encrypts your device and demands a ransom, there’s no guarantee they will unencrypt it whether or not you pay up."
Malwarebytes continues: "That is why it’s critical to be prepared before you get hit with ransomware. Two key steps to take are:
Install security software before you get hit with ransomware
Back up your important data, files, documents, photos, videos, etc."
To implement these commonsense steps, review the security of your technology systems once a month. Support your IT staff when they schedule training sessions for your teaching and administrative staff. Some members of your team may not understand the urgency of a ransomware threat. It's critical that everybody knows what's involved and the protocols for dealing with a ransomware attack.
How to prevent a ransomware attack
When a staff member tells you that she thinks there's something wrong with her computer, take her warning seriously. Don't put her off. Instead, train all staff, even the IT-savvy ones who think they know it all. Everybody should follow the established protocols for dealing with IT security:
- Block the use of personal email on school computers. Instead, your team can use their smartphones to look at their emails. I recommend that small schools use cloud-based email services such as Google.
- Configuring and maintaining an email server in-house is a time-consuming endeavor. Have professionals configure your local area network.
- Teach your team about phishing and how a link in an email from an unknown sender could be a hacking attempt in disguise.
- Disable USB ports wherever possible. People think that inserting their thumb drive in a USB port is harmless. Maybe it is. Maybe it isn't.
- Finally, backup your important files. Daily. A robust, scalable backup solution is expensive but cheaper than losing all your important data to a ransomware attack.
This video from Kaspersky explains how ransomware works.
Take security threats seriously.
At one point in my career, I had a wonderful general manager whose mantra was "Constant vigilance!" He taught all of his managers to always be on the alert. Do the same with your senior team members. You will be very grateful for those extra sets of eyes and ears when they are able to head off disaster.
Questions? Contact us on Facebook. @privateschoolreview