Recent days and weeks have seen an uptick in ransomware and other malware attacks on schools and school districts from coast to coast.
Louisiana’s governor has declared a cyber state of emergency, and one school district in Alabama is so affected by an attack, it has pushed back its school start date. Other K-12 institutions located in California, Connecticut, Louisiana, Nevada, New York and Rhode Island have also suffered from recent attacks.
Despite publicity for these attacks, a large number of institutions remain at increased risk. Many have not designed and implemented an adequate cybersecurity risk plan or strategy. This is evidenced in part by the hundreds that have systems running vulnerable versions of the Windows SMB file sharing protocol directly exposed to the internet.
The time to take preventative action is now. K-12 institutions should engage qualified professionals with experience preparing for and responding to breaches and cyber attacks. Often the cost to prevent an attack before it happens is significantly less than the cost to respond to after it is too late.
Furthermore, these recent attacks provide an opportunity to inform and train employees about the dangers of phishing emails, one of the largest sources of ransomware attacks.
Now is also the time to prepare, review and practice your incident response plan. Cyber insurance, a sometimes complicated but often necessary component of your risk management strategy, must also be considered as part of this planning and preparation process. Contracts with vendors who store or have access to your data should also be reviewed by someone with experience and knowledge specific to data vendors.
A few steps you can take now will help reduce the risk of a catastrophic ransomware attack and ensure you are adequately prepared:
- Run daily backups that are secure from infestation
- Train all staff and employees on cybersecurity awareness
- Review your incident response plan, including knowing who to contact and what immediate steps to take
- Consult with qualified counsel about your cyber insurance policy to have some idea of what may or may not be covered
If you suspect you may be the subject of such an attack or a data breach, we would encourage you to activate your incident response plan and to immediately engage qualified and experienced professionals to investigate the incident, assist in your response and to protect your investigation to the extent possible from future disclosure.