There has been a recent rise in ransomware attacks, and no organisation seems to be safe — including services that are publicly owned, such as education centres. To find out how we can prevent ransomware attacks within the education sector, we take a closer look:
Are universities prone to ransomware attacks?
Statements from a Freedom of Information request say that over 63% of universities experienced an attack by cyberterrorists where a ransom was demanded. 56% of those had suffered from an attack in the past year. Bournemouth University suffered from 21 ransomware attacks in the same year showing that ransomware attacks are common in education institutions.
With so many ransomware attacks being carried out, you would expect universities to let the authorities deal with it — however, most preferred to deal with the situation independently except from Brunel in London who reported the incident.
Knowledge is key
Understanding the influence a ransomware attack can have on a university is vital — because then, methods of defence become clearer. Speaking generally, ransomware attacks can break a business, and this is something that all business owners want to avoid if they wish to remain successful. However, this can cause a great deal of damage for those operating in the education sector. After acknowledging the problem, it all comes down to user education — knowledge is key and the correct tools should be provided to make people aware of potential risks.
We’ve partnered up with KBR, wifi in school installers to see what you can do to help prevent ransomware attacks within your organisation:
Publishing specified security policies
Specified policies on how to deal with security issues for different systems within the organisation is essential. When this is issued to individuals, whether this is staff within an education institute or students, they should be able to have a clear understanding of what it means. To achieve this, it is worth producing specific security policies for different departments so it relates to their role. Usually a policy that is created for everyone leads to misunderstanding and a higher risk of security problems.
Creating an understanding of the organisation
As the education sector sees new people coming in at a constant rate, you need to ensure that they have knowledge on the security policies in place. You should outline their personal responsibility in their contracts to show that when they sign the contract, they are aware of potential consequences they might face for any misconduct when it comes to security. This should be included in the induction stage of their contract or initiation.
Conducting regular training sessions
Training is something that should happen on a regular basis, this will lead to people within the organisation being knowledgeable when working with systems and the potential threats they could encounter. Security advice can always change, so making training a more regular occurrence in the business can be beneficial and open room for discussion and constant learning opportunities that will transfer to their role.
Enabling a report-procedure for any threats
If there is a viable procedure in place that can enable people to come forward about potential threats, they will — but if there is no effort made by management, individuals might find reporting an issue more difficult. This should be embedded into universities’ culture and make those working with the system aware that they must report any incidents.
Policies and non-compliers
After you have a final draft of your organisations policies that are made available to everyone, you should begin to determine what the consequences may be for people who do not comply. This will lead to a more knowledgeable workforce that will put the best interests of your company’s security at the top of their priorities.
Top 10: Industries suffering ransomware attacks
Educational institutes suffered from the most majority sectors, with 23%. IT/telecommunications come in second place with 22%. The entertainment and financial services join in third place with 21%. The construction industry is in fourth place with 19%. The government and the manufacturing industries suffer from 18% of ransomware attacks. The transport sector is privy to 17% of attacks, while the healthcare sector and retail/wholesale/leisure come in at 16%.