As students return to the classroom, so too does the threat of a bad actor holding school data hostage. Be it a public high school or private university, the excitement of a new school year comes with the threat of ransomware.

The education sector is now a top target of cyber thieves looking for a payday. Consider Los Angeles Valley College which paid $28,000 ransom as the spring 2017 semester began, upon realizing there was no backup for its seized data. In 2016, the University of Calgary paid $16,000 to decrypt emails for its famed researchers, noting it was better to pay than have a record of someone’s life work threatened.

Get Educated on Network Risk

Part of what makes schools such a juicy target is the number of unsecured devices moving on and off campus networks. One recent study noted 86 percent of students spend at least an hour each day using devices online during school hours – and that’s just for school-specific work. Now imagine at least one is a prankster looking to access banned content via a school network, and you’re looking at a cyber headache.

Even the secured, school-owned devices are a problem. It was thought Macs were more secure when they weren’t mainstream, and it wasn’t worth the time to hack them. Now a majority of schools –  80 percent of institutions of higher learning – are using Macs. Interestingly, IT professionals in educational settings surveyed in 2016 still believe it’s easier to maintain a secure environment on the Mac platform.  

Schools’ demonstrated willingness to pay a ransom, lax Mac security and all those student devices roaming campus networks create a perfect storm for a ransomware attack.

Act as the Semester Begins

You can quickly put a plan in place for all students and teachers working with devices on your campus:

1. Apple for the teacher. Get rid of the idea that Macs aren’t vulnerable and spend the time to apply all patches and updates regularly sent from Apple.

2. Go old school. Use Time Machine where apppropriate, which will automatically create full system backups, enabling you to wipe an infected device and perform a full system restore. If you have sensitive data on your Mac, make a redundant backup and check that backup for vulnerabilities.

3. Don’t share your work. If devices carry student information, salary details or high-value data others would pay for, encrypt it. Should these devices be stolen or infected with malware seeking to steal files, you’re still protected.

4. Get a study partner. Use endpoint security clients. You can get help from a trusted vendor with tools to protect your devices and tie security back to your network. This way you can share threat data to protect devices as well as your network.

5. Make it all add up. Cover other threat vectors. Web security is an issue for all those students coming onto campus, but email is still the top source of malware. Use a strategy that allows you to find and contain the threat wherever it resides on your network.

As a Fortinet partner,  Proactive Network Management Corporation (PNMC) combines public sector expertise with Fortinet’s cybersecurity to fully protect school data, devices and networks from attack. Our advanced threat protection services can safeguard your school from data loss, malware, ransomware and network vulnerability. Contact us to learn more.