TCP Episode 119 -- Ransomware in Schools

Frederick Lane -

Listen to this episode on Cybertraps.com, Apple Podcast, or your podcast platform of choice.

Click Here to Subscribe to The Cybertraps Newsletter

Show Notes

Ransomware is a growing problem for organizations, including schools

What is it?
How does it happen?
Why does it happen? $$$ – $7bn in 2021
Who’s doing it?
We are all on the front lines now

Problems for Schools

Down time for school personnel, distraction from mission
Inability to access data; closure of schools
Loss of data, identity theft, invasions of privacy
Reputational damage
Financial loss
Technical and legal fees
Ransomware payment

How Can Schools Protect Themselves

Have air-gapped backups
Conduct routine cybersecurity audits and threat analysis
Training and education for all members of the school community
The greater the access, the more training is needed
Particular focus on phishing (leading attack vector) and other intrusion methods
Competent and thorough IT department
Patch, patch, patch
Limit ability to install new programs without thorough testing
Collaboration with law enforcement
Take advantage of increased funds for cybersecurity
Bipartisan Infrastructure Law
American Rescue Plan Act
Increased interest in cybersecurity offers great opportunities for education and job training

How Much Should Schools Share with the Public?

Organizations often face a temptation to not report cybersecurity breaches
Have a thorough response plan in place; review and update on a regular basis
Consult with law enforcement to avoid interfering with investigation
Communicate quickly and thoroughly with parents if (when) a cyberattack occurs
Increased transparency helps define the scope of the problem and risk factors for others

Resources