Addressing the Scourge of K12 Ransom Attacks: How K-12 CTOs and IT Leaders Can Protect Their Schools, Students, and Staff

As of September 2022, more than half of the 16 publicly reported and officially disclosed ransomware attacks involved public school systems, colleges, or municipal and county government agencies. This type of malicious software holds computer systems for ransom resulting in learning loss, data damage, and ransom payment.

The sharp surge in K-12 ransomware attacks is estimated to cost $3.56 billion. On average, affected schools lose over four days to downtime and spend approximately 30 days recovering from the attack.

On a year-over-year basis, the total volume of K-12 hostile online attacks has leveled off, but ransomware is seeing a sharp surge. So, why are our schools vulnerable to ransomware?

Why are Cybercriminals Increasingly Targeting Schools? 

There’s good reason for K-12 CTOs to be on the alert about ransomware.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has turned its attention to K-12 schools as “target-rich, resource-poor” targets for cybercriminals. Additionally, the FBI has issued several warnings about K-12 education cyber threats from gangs like ‘PYSA,’ ‘DoppelPaymer/Grief,’ and ‘Vice Society.’ Why are schools cybercrime targets?

Top 3 Reasons Schools are Ransomware Targets

1. Schools house a large amount of personal data on students, faculty, and staff. 
2. Cybercriminals are attracted to school districts willing to pay a high ransom to keep student information private. 
3. Many schools are unprepared to protect themselves from ransomware attacks. While corporations often have robust cyber defense systems in place, many school districts and universities do not.  

Start your school district on a path to protect the privacy of your students, parents, and staff with the following ways to guard against ransomware.

20 Quick Tips for K-12 CTOs and IT Leaders

1. Develop and Document Formal Response Plans. Work with your board, legal, and communications teams to develop a response plan.
2. Establish a Written Data Use Policy. Develop a data use policy and conduct regular training for teachers and staff.
3. Inventory All Requests for Data. Subject suspicious data requests for evaluation.
4. Restrict Access to Admin Rights. Students and teachers shouldn’t have admin rights by default.
5. Disconnect RDP Services to the Internet. Remote Desktop Protocol (RDP) services shouldn’t be accessed over the internet. 
6. Set Default to Active 24/7 Cyber Security Monitoring and Detection. Hackers are relentless. Monitoring for early warning signs can limit damaging cyber attacks.
7. Train Users in Cybersecurity Best Practices. All system users should be trained to spot suspicious activity to avoid problems and allow them to fully participate in protecting your schools.
8. Drill Your Cybersecurity Response. Treat cybersecurity drills in the same way you do fire drills.
9. Keep Hard Copies of Response and Recovery Plans. If your systems are down, you’ll need access to the plans you’ve made and a response and recovery contact list.
10. Maintain Offline Backups. A ransomware attack will typically include your backups. Maintaining offline backups will let you recover much more quickly.
11. Establish Multiple Layers of Phishing Protection. Many ransomware attacks start with phishing emails, making it critical to protect against them. 
12. Implement “Automate and Respond” Systems. Automate to reduce human error in response to threats. 
13. Purge Old Files. Your district will be less attractive to hackers, and you’ll lose less data if attacked.
14. Set Up Access Alerts. For those files, you must retain and set up alerts when a user tries to access, download, and/or share them externally.
15. Block Downloading Macros from the Internet. Be vigilant about downloaded macros that may contain malicious code.
16. Require Two or Three Levels of Authentication for VPN Access. Anyone accessing your VPN should confirm their right to access it using more than a simple username and password.
17. Manage Third-Party Vendors. Avoid third-party app ransomware threats by keeping track of the vendors that have access to your sensitive data and enforce a vetting procedure before anyone uses their apps.

Parchment tip: Partner with Parchment. Parchment’s information security management system is based on industry best practices ISO 27001, NIST CSF, and PCI DSS. 

1. Get a Second (Trusted) Set of Eyes on Your Response Plans. Leverage your network of IT professionals and leaders. 
2. Seek External Resources and Expertise. Consider a consulting firm or “virtual-CISO” services to probe for vulnerabilities, plan an incident response, and run tabletop exercises.
3. Keep Your Senior Leadership Involved. Make sure leadership understands the risk, what you need to do to avoid them, and what will happen if attacked.

How K12 CTOs & IT Leaders Can Protect Schools

School districts are under increasing pressure to address security flaws and reduce the scourge of ransomware attacks. IT leaders can follow guidelines such as the K-12 NIST Cybersecurity Framework.  

Parchment’s ongoing series for K-12 CTOs provides a quick review of school cybersecurity best practices. 

Contact us to learn more.  Parchment has built robust and transparent information security and compliance programs into our K-12 district records services as part of our ongoing commitment to putting our members and learners first.

There’s always more to learn.