Ransomware in the education sector

As we’re all aware, technology is constantly changing. Although good things come from this, the threat of ransomware attacks is worsening – in all sectors. We’ve teamed up with KBR, wifi in school installers, to find out how we can prevent ransomware attacks within the education sector:

How are universities tackling ransomware?

SentinelOne’s Freedom of Information (FOI) request discovered that an outstanding 63% of universities in Britain were victims of a ransomware attack. 56% of those had suffered from an attack in the past year. Bournemouth University suffered from 21 ransomware attacks in the same year, showing that ransomware attacks are common in education institutions.

Many universities admitted that they didn’t go to the police about the ransomware attack. In fact, Brunel University London was the only one to do so — most preferred to deal with the situation internally.

Becoming educated

The first step that educational institutes must take to tackle ransomware attacks is to learn about it. Speaking generally, ransomware attacks can break a business, and this is something that all business owners want to avoid if they wish to remain successful. However, this can cause a great deal of damage for those operating in the education sector. After acknowledging the problem, it all comes down to user education — knowledge is key and the correct tools should be provided to make people aware of potential risks.

1.      Becoming secure

All educational institutes have general policies in place but it is advised that they have specific policies that focus on system security. When this is issued to individuals, whether this is staff within an education institute or students, they should be able to have a clear understanding of what it means. To achieve this, it is worth producing specific security policies for different departments so it relates to their role. Usually a policy that is created for everyone leads to misunderstanding and a higher risk of security problems.

2.      New starters

Big institutions and companies often face high rates of staff induction. It’s important to make new starters aware of the policies that you have in place — whether this is new employees, students, contractors, or third-party users. You should outline their personal responsibility in their contracts to show that when they sign the contract, they are aware of potential consequences they might face for any misconduct when it comes to security. This should be included in the induction stage of their contract or initiation.

3.      The right training

Employees in a large institution should be given thorough training. Security advice can always change, so making training a more regular occurrence in the business can be beneficial and open for discussion. Constant learning opportunities can also transfer to their role.

4.      Flagging issues

A system should be implemented whereby employees feel comfortable enough and have the ability to flag any security issues with management. This should be embedded into universities’ culture and make those working with the system aware that they must report any incidents.

5.      Disciplinary action

It can be dangerous if some employees don’t follow the security policy. You should make everyone aware of the disciplinary action that will be taken against them if they do not comply with what has been outlined. This will lead to a more knowledgeable workforce that will put the best interests of your company’s security at the top of their priorities.

Industries that are susceptible to ransomware attacks

It is in fact the education sector that suffers from the most ransomware attacks (23% of attacks were on this industry). IT/telecommunications come in second place with 22%. The entertainment and financial services are jointly in third place with 21%. The construction industry is in fourth place with 19%. The government and the manufacturing industries suffer from 18% of ransomware attacks. The transport sector is privy to 17% of attacks, while the healthcare sector and retail/wholesale/leisure come in at 16%.