As schools tentatively re-open, hackers look to make a move
Reopening schools this Autumn has a few asterisks attached. With the surge of COVID-19, many have elected to limit school sessions, postpone them, or defer to remote solutions. In other words, taking classes online. While a convenient and safe response to protecting students from Coronavirus, it creates risk in a new way.
Malicious third-parties seek to exploit relying on remote-education by attacking school networks. There are a variety of reasons for this.
- Unpatched systems and hardware are common
- Limited guidance on good cybersecurity policies
- Unprepared staff and students
- Adapting to online environments
- A large increase of attack surfaces as class resources shift to online environments
As such, schools and school districts are subjected to different attacks. In North Carolina, Haywood County was in the crosshairs of a ransomware attack. And, of course, the events concerning University of Utah, which paid ransomware attackers their demanded sum to protect personal student information.
Experts warn and highlight an uptick of attacks will only continue as schools around the nation get started with their hybrid semesters.
How those attacks occur will vary, but experts continue to explain the risk factors. Attackers can target weak at-home devices, provided by the school or otherwise. Then, a potentially infected device will connect to a school’s IT network and propagate malware/ransomware. Making this additionally problematic is ransomware and other virus intrusions often embed into networks for months at a time until deployed.
Protecting school networks
Outside of terminating courses, combatting these attacks proves challenging for school networks. A lack of safe resources combined with minimal understanding of strong cybersecurity policies raises risk with costly consequences.
However, there are a few basic tips anyone can use to shield themselves and education networks from potential malware intrusions:
- Keep all anti-virus software/apps fully updated
- Establish guidelines for students and staff regarding safe browsing policies, especially when accessing course material
- Keep course information and classes on secure networks only, which should only be accessible by approved individuals (students, educators, etc)
- Create a layered network which has limited access based on VPN location