Cybercriminals don’t tend to discriminate; asides from a minority who go out with the ‘Robin Hood’ mentality of stealing from the rich and giving to the poor, they target sectors indiscriminately. Unfortunately, that means a lot of worthy and undeserving (not that there any deserving sectors, of course) areas feel the brunt of these individuals’ (or groups’) crimes.
The healthcare sector has been subjected to serious ransomware attacks, and it seems increasingly that the education sector is being targeted too. The type of attack, in question? Ransomware. At Nutbourne, we offer extensive cybersecurity solutions as part of our work as a managed service provider. We’ve previously written about the dangers of ransomware, so we wanted to take a look at this worrying trend of ransomware in education, in a little more detail.
Who’s Being Targeted?
Institutions from schools all the way through to universities have found themselves at the end of ransomware demands over the past couple of years. According to a report by the National Cyber Security Centre – a branch of GCHQ – there was an uptick in attacks in August and September last year, as well as an increase since February of this year. Ransomware can lead to big financial impacts as well as the loss of sensitive data; in the context of education, it’s also led to serious breaches of student privacy as well, with coursework and assignments being compromised.
How Can Schools & Other Organisations Prevent Ransomware Attacks?
Preventing ransomware attacks revolves primarily around the following:
- Targeting weak passwords.
- Targeting organisations without multi-factor authentication (MFA).
- Attacking through vulnerabilities in poorly set up VPNs (Virtual Private Networks).
- Sophisticated (and not so sophisticated…) phishing emails.
- Exploiting un-patched software.
Combating such attacks requires a mixture of solutions, then, including everything from better cybersecurity hygiene through to the implementation of MFA and the creation of an improved patching policy. Whilst prevention is better than cure, should an organisation fall prey to a ransomware attack, it’s important not to panic. Preparation beforehand can ensure that, even if you do get attacked, you’re able to recover both quickly and effectively.
How Do You Recover From A Ransomware Attack?
One of the easiest ways to recover from any cyberattack – not just ransomware – is to have regularly updated, secure offline backups. If your data is being held to ransom and you don’t have such backups, you’re pretty much at the mercy of the attacker holding your information. If you have offline backups, on the other hand, you’ve at least got a recent version of all your data, records, information, etc. easily at hand. It might not be ideal, but it’s certainly better than being completely beholden to these criminals.
Whilst we’d always advise utilising a vCIO service to implement a comprehensive cybersecurity strategy tailored to your business, we appreciate this isn’t always possible. Fortunately, the National Cyber Security Centre offers a handy (and completely free) online service called Exercise in a Box. The tool – which can be used by businesses and organisations of various sizes – enables you, in essence, to ‘practise’ your cybersecurity measures; you can test your firm’s protocols in an entirely safe environment. If you’re unsure where to begin with your cybersecurity measures, then you this is a good place to start!
Strategy, Strategy, Strategy…
For years, when it’s come to anything IT-related, whether it be hardware or cybersecurity, firms have tended to adopt a break-fix approach. This is an outdated and wildly impractical way of dealing with IT in any instance, but especially when it comes to cybersecurity. Being reactive rather than proactive is a bit like playing Russian Roulette; a constantly evolving and frequently reviewed cybersecurity strategy, by contrast, allows you the best possible chance of identifying and preventing threats before they become problems.
Alongside our cybersecurity solutions, we offer the following as a London managed service provider:
- Remote and onsite support, as well as monitoring services. We also offer IT procurement services, too.
- Cloud services.
- Communication options, including: Cloud Telephony, VOIP & SIP, Structured Cabling, Chat, Web & Video Conferencing.
- Strategy services, including: Benchmarking, Road Mapping, Consultancy, Disaster Recovery & Audits.
So, if you’d like to find out more about our cybersecurity solutions as a managed service provider – get in touch! Contact Nutbourne today on +44 (0) 203 327 7273 or by filling out one of our online contact forms. Alternatively, you can message us through live chat; we’ll do our best to get back to you as quickly as possible. We’re also hosting an upcoming webinar on how to prepare your IT systems for a hybrid working model. Register here!