There is an increasing risk of ransomware attacks against colleges, universities, and school districts. To protect your educational institution, it’s imperative to stay compliant and up-to-date with the latest technology and cybersecurity best practices. In this discussion, we cover what schools need to know about ransomware and what steps educational institutions can take to protect themselves.
Increased Risk of Ransomware Attacks on Colleges and School Districts
According to EducationWeek, educational institutions are at an increased risk of cyberattacks as more embrace technology in daily teaching and learning environments. In 2023, 80% of school IT professionals reported that ransomware hit their school in the last year. There were 1,619 publicly disclosed instances of cyberattacks against educational institutions between 2016 and 2022.
In Pennsylvania, the Chambersburg Area School District was forced to close schools for three days because of a ransomware attack against its network. The Colorado Department of Higher Education suffered a ransomware attack in June 2023 that led to a massive data leak of 13+ years of personal information it was supposed to keep confidential.
In the second-largest school district in Maryland, 4,500 users were impacted by a cyberattack against Prince George’s County Public Schools. The information stolen could be online, so the school system is now responsible for offering credit monitoring and ID theft services to victims.
The biggest data breaches have been challenging for school cyber security to manage. In the Los Angeles School District cyber attack, 2,000+ student records were posted on the dark web. The LA school district ransomware attack included social security numbers from students.
Consequences of Ransomware Attacks Against Schools
As demonstrated above, when a college, university, or school district suffers from a ransomware attack, the aftermath can be costly, disruptive, and legally challenging. It can cost tens of thousands of dollars to millions to recover from a ransomware attack. In the current climate, where school funding needs to be increased, this can be devastating for schools.
Often, a ransomware attack means lost educational time. Students and teachers may not be able to access key resources. Classes may need to be canceled. In some cases, schools have to delay the start of school because of trying to deal with a ransomware attack.
Even if classes can take place, the internet access administrators need may be limited or nonexistent. In a cyberattack in August 2023, the University of Michigan had to cut access to the internet. This means that any payment processing devices, all computers, and any internet-connected equipment are all impacted. This downtime was expected to last for days.
Additionally, data breaches open up educational institutions to legal liability. The Hope College data breach resulted in a federal lawsuit against the university seeking $5+ million. In 2023, the college faced a class action lawsuit over the same data breach. The Marymount Manhattan College data breach also led to class action lawsuits. It cost the university $1.3 million to settle the claims.
Student Privacy Laws and Regulatory Compliance
There are many laws that school districts and colleges must comply with. In cyber attacks on colleges and universities, organizations must comply with many regulations, including HIPAA and FERPA.
What is FERPA?
FERPA stands for the Family Educational Rights Act. It is a federal law that allows parents the right to control the disclosure of personally identifiable information in education records. Data breaches go against FERPA, as it allows unapproved access to this information.
The K-12 Cybersecurity Act
In 2021, the K-12 Cybersecurity Act became a law. This enabled the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to conduct research into how cyberattacks impact K-12 schools and what school districts can do with it.
The CISA published a list of recommendations for K-12 organizations to better safeguard against threats. These include:
- Using multi-factor authentication
- Implementing and testing backups
- Having an incident response plan
- Deploying a cybersecurity training program
- Recognizing resource constraints
Education is Especially Vulnerable
When it comes to ransomware attacks, the education sector is particularly vulnerable. Most educational institutions do not have the resources that corporations do to operate large-scale IT departments. With a small staff, it can be difficult to protect, detect, and remediate potential problems quickly and effectively.
Another major vulnerability for educational institutions is the use of third-party programs and services, especially cloud-based tools. These include Blackboard, Knowledge Matters, and Google Classroom. Even if the school is compliant and secure, attackers can easily find a way through a vulnerability or a social engineering scheme targeting the third-party vendor.
Solutions to Mitigate Ransomware Attacks
There are many tools that can help mitigate the likelihood of ransomware attacks, including Veeam’s Disaster Recovery as a Service (DRaaS) and our advanced website, and email protection tools. It’s a good idea to consult with a cybersecurity expert to audit and recommend appropriate tools to provide the best protection. Sometimes certain tools work against each other or create vulnerabilities that may not be known.
Contact Element Four to Uncover How an MSP Can Help
There’s no doubt about it. Educational institutions are at a high risk of a ransomware attack. Add limited resources and small IT departments, it is the perfect target for those intending to do harm. Partnering with a managed services provider like Element Four can help to control costs and give you the insurance you need with customized solutions for your school or district.
By partnering with us for Cybersecurity, you’ll be able to:
- Focus on education, while we handle your IT security needs.
- Minimize downtime with quick data recovery in case of disasters.
- Stay ahead of evolving cyber threats with constant monitoring.
- Reduce long-term costs associated with data loss and breaches.
- Partner with an experienced team dedicated to your success.
Together, we’ll ensure a safe, resilient, and innovative learning environment. Don’t wait until it’s too late. Secure your educational institution’s future with us! Contact us to learn more and schedule a consultation.