Ransomware Attacks: Is Your School Safe?

Recent attacks on multiple high-profile and highly populated school districts have highlighted how vulnerable educational institutions and districts are to cyberattacks. In 2021, 67 ransomware attacks impacted U.S. schools and colleges and more than 950,000 students. The demanded ransoms have cost school districts up to $40 million.1 Ransomware attacks are still affecting the education sector of the United States.

Schools often have complex IT environments that may include a diverse array of technologies and personal devices that are difficult to centrally manage. Younger users of technology may not be aware of cyberthreats and allow attackers in by opening malicious attachments or links. Also, school technology funding often does not invest in cybersecurity protections as other, more regulated industries such as healthcare or financial services.

What can public school districts do to protect themselves proactively against hackers infiltrating their data? Here are several helpful tips:2

Establish a cybersecurity governance program that requires school board oversight. IT leadership should report on the implementation of cybersecurity practices and provide reporting on the effectiveness of cybersecurity control.
Cybersecurity awareness among faculty and staff should be ongoing and require regular training in safe practices and current threat vectors.
Maintain a documented incident response plan that is made readily available to district personnel, i.e., teachers and staff, and reviewed/updated by management at least annually or after any significant change to operations or infrastructure.
Introduce advanced threat detection and endpoint protection solutions consistently across all systems.
Disable local-administrator privileges for teachers and staff on workstations in classrooms and school offices. Only trained/authorized back-office personnel of the school systems, such as an IT manager, should have administrator access to the network, i.e., elevated privileges.
Require multifactor authentication (MFA) for all district staff when accessing sensitive systems or data.
Enforce default policies to help reduce the risk of classroom invasions during live, online classroom sessions.
Follow the 3-2-1 rule of thumb for backups: keep at least three copies of your data, store two copies on different media, and have one copy that is located off-site and immutable.
Perform periodic self-assessments that are publicly distributed to help proactively identify lapses within the cyber defenses such as CSBS Ransomware Self-Assessment Tool and the K12 SIX Cybersecurity District Self-Assessment Tool, whose best practices are derived from National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and Center for Internet Security (CIS) Controls frameworks.

There are many available resources that can help school districts build defenses against hackers. The Cybersecurity and Infrastructure Security Agency (CISA) has led a national effort to reduce the risk of ransomware in public school infrastructure, releasing helpful guides for school officials to be ready for addressing an attack and minimizing the impact. The agency regularly partners with the FBI when these attacks infiltrate the public school system.3 Their most recent partnership was to warn schools that cyberattacks are expected to increase.4

The Cybersecurity Team at FORVIS aids the education sector in their defensive maneuvers against those who would hold their sensitive information for ransom. FORVIS provides Technology Consulting Services as well as Forensics & Valuation Services. Under these, FORVIS offers system implementation and modernization, IT risk management, and several other services to help deliver security measures to institutions.5

If you need more information or help in evaluating your school system’s readiness to address a ransomware attack, reach out to a professional at FORVIS or submit the Contact Us form below.

Please note that this information is current as of the date of publication.

Related FORsights