Once again, we are seeing K-12 schools shut down due to ransomware attacks. The FBI and the Department of Homeland Security have repeatedly warned that K-12 is a soft target for cybercriminals. Why?
K-12 schools are particularly vulnerable because of a serious lack of knowledge among school administrators about how to properly prepare for ransomware attacks. This is not acceptable, as an attack is only a matter of when, not if.
So what should school administrators with limited time and budget focus on? The answer is always the fundamentals: those simple, basic steps you can take to prepare for, respond to, and recover from a ransomware attack. Sadly, the fundamentals often go overlooked or are poorly implemented.
What are the top 5 fundamental things every K-12 school should be doing to prepare for ransomware attacks?
#1 Know what you have in your environment
You cannot protect what you cannot see. Perform an asset inventory starting with the most critical systems, networks, applications, and data. Then expand your scope to less critical assets, systems, applications, and data.
Performing an asset inventory is an ongoing activity, and updates should be made at least annually.
#2 Know your risk level
Perform a comprehensive risk assessment, like S2School, to get a measure of your current security posture. Quantifying your risks helps to identify high risks and enables you to create a prioritized roadmap, so that your resources can be spent on the fixes that will have the biggest impact on securing your environment. Without a risk assessment, it is very hard to know where to start.
Like asset inventory, risk assessments should be updated at least annually.
#3 Air gap your system and data backups
This is the most important precaution that can be taken to ensure a school is able to recover from a ransomware attack quickly and at minimum cost. The latest trend is for cybercriminals to go after backups before attempting to ransom the system. They know that backups can help you avoid paying the ransom.
By keeping the backups encrypted and physically offline, you can be sure that your backups will be safe from cybercriminals and ready for when you need them most.
Make sure to test your backups and ensure they are working before you encrypt them.
#4 Implement Multi-Factor Authentication (MFA)
This extra step makes it much harder for cybercriminals to get access to your systems and data. By using MFA, you can reduce the likelihood that a phishing link or malicious website will result in the theft of credentials.
#5 Have a response plan
This is no different from the response plans that schools have in place for other emergencies. A ransomware response plan helps us achieve quick action by reducing the confusion, hesitation, and decision-making that needs to be done in an emergency. Just like other response plans, it must be tested regularly to ensure the plan is working as designed.