5 steps to battle ransomware in the education sector

As technology evolves, so does the threat to cybersecurity from ransomware. We’ve teamed up with KBR, school WiFi installers, to find out how we can prevent ransomware attacks within the education sector.

Universities versus ransomware

When SentinelOne carried out a Freedom of Information (FOI) request, they discovered that 63% of UK universities were victims of ransomware attacks. 56% of those had suffered from an attack in the past year. Bournemouth University suffered from 21 ransomware attacks in the same year, showing that ransomware attacks are common in education institutions.

The worrying issue is that most of the universities chose to deal with the issue internally and didn’t go to the police. Brunel University London was the only one to take the matter further.

Educating on ransomware

To combat the issue, educational institutes must be knowledgeable about ransomware. Speaking generally, ransomware attacks can break a business, and this is something that all business owners want to avoid if they wish to remain successful. Ransomware can likewise cause a great deal of damage for those operating in the education sector. After acknowledging the problem, it all comes down to user education — knowledge is key and the correct tools should be provided to make people aware of potential risks.

1. Implementation of security policies

Education centres have many general policies in place, but is there enough focus on security policies? It is suggested that they should have a section that focuses entirely on security procedures for all systems. When this is issued to individuals, whether staff within an education institute or students, they should be able to clearly understand what it means. To achieve this, it is worth producing specific security policies for different departments so that each policy relates to their role. Usually a policy that is created for everyone leads to misunderstanding and a higher risk of security problems.

2. Educating new starters

Staff and pupil turnover is something that occurs in all organisations. It’s important to educate new starters and make them aware of the policies that you have in place — whether they are new employees, students, contractors, or third-party users. You should outline their personal responsibility in their contracts so that, when they sign, they are aware of the potential consequences they might face for any misconduct when it comes to security. This should be included in the induction stage of their contract or initiation.

3. Thorough training

Training is crucial for people using the system in a university. Individuals should be given appropriate training that guides them on doing the right thing for the operation of the institute. Security advice can always change, so making training a more regular occurrence in the business can be beneficial, opening room for discussion and constant learning opportunities that will transfer to their role.

4. Reporting system in place

It’s important that staff feel as though they can approach members higher up in the company about any issues they spot. This should be embedded into universities’ culture, making those working with the system aware that they must report any incidents.

5. Alternative action

Once your security policy is in action, everyone should be made aware of the consequences of non-compliance. This will lead to a more knowledgeable workforce that will put the best interests of your company’s security at the top of their priorities.

Which industries are most susceptible to attack?

Some industries are targeted more than others when it comes to ransomware attacks. The education sector suffers from the most ransomware attacks, with 23%. IT/telecommunications comes in second place with 22%. Entertainment and financial services share third place with 21%. The construction industry is in fourth place with 19%. The government and manufacturing industries each suffer from 18% of ransomware attacks. The transport sector is subject to 17% of attacks, while the healthcare sector and retail/wholesale/leisure come in at 16%.