It’s no April Fools’ Joke. The Broward County Public School system was hit with a ransomware attack. The amount demanded? A staggering $40 million.
The group behind the attack, Conti, threatens to destroy files, release personal information and lock the entire system if demands aren’t met. In tech speak, they performed an attack called data exfiltration.
Beside breaking FERPA regulations for thousands of students, permanent damage to Broward County’s reputation is on the line. Not to mention hundreds of thousands of dollars in cybersecurity remediation.
Why Do Hackers Attack School Districts?
As this story unfolds, let’s look at why schools are such a popular target for hackers. After all, 57% of ransomware incidents reported in August/September 2020 involved schools.
We spoke to Ryan Williams, principal consultant:
“Schools are the perfect trifecta for hackers. They’re vulnerable, they’re backed by big government (able to pay $) and they’re newsworthy.
Many schools just don’t invest in the proper safeguards. Hackers know this. They also know that threatening student information is a real motivator for schools to pay up.
This is why we also see local governments attacked. Hackers know that big government can pay out large sums of money to make the problem go away. It’s all-too-common.”
How to Prevent School Ransomware Attacks
While Broward County learns a tough lesson, what can other school districts do to prevent the same situation? Take back power from threat groups.
End vulnerability by getting educated and investing in proper cybersecurity. Here are a few examples:
Standardize Security Measures
- Setup two-factor authentication on all accounts
- Regular password expirations
- Consistent patching
- Up-to-date antivirus software
- Establish firewall policies
- Link checking
- HTTP vs HTTPS
- Penetration testing
- Triangulating sources
- Public WiFi & auto-connecting
- Hardware, software, cloud
- Public vs. private cloud
- Understanding redundancy
Vet IT Companies Thoroughly
Perhaps most importantly, choose IT companies carefully. They’re the first line of defense against hackers. Questions like these are critical to ask:
-What’s your current password complexity/expiration policy
-What’s your user termination policy? (It should be documented on paper)
-What compliance certs do you hold (HIPAA, SOC, PCI DSS, SSAE)?
-How often are data backups performed and how often does a test restore occur? (Important with the rise of malware)
-How are issues/resolutions documented? (Knowledge should be shared between team members; no kingdom keeper)
-What security updates get installed, when and what type of pre-installation vetting?
Broward County School District may be the latest target, but it won’t be the last. School attacks are escalating as education goes more online. E-learning is another vulnerability to beware of.
The comforting news is schools don’t have to be sitting ducks. With the right cybersecurity and education, hackers have no chance. Take your power back. We can help.