Updated research from Malwarebytes documented a 92% rise in ransomware targeting K-12 education, with nearly half of those against U.S. school districts.
Ransomware criminals will often focus on hacking networks tied to essential services, and K-12 institutions are prime targets due to the amount of sensitive student data and administrative staff records stored within their systems. Schools often possess access to parent data, including Social Security numbers and payment card information.
In 2022, the Los Angeles Unified School District experienced a severe ransomware attack. Last year, the Minneapolis School District suffered a breach with over 300,000 files leaked, including medical records and discrimination complaints, and a $1 million ransom request. These attacks can persist anywhere from a few days to several weeks, leading schools to disrupt the educational process and suspend classes for an extended duration while network systems and data are restored.
K-12 school systems have lagged in adopting and implementing security measures such as data encryption and multi-factor authentication, often due to insufficient information technology resources and funding. Educating end users on how to proactively protect themselves and the school community is critical for prevention. Key topics to include within your staff awareness training include:
- Email Security
- Password Security (best practices for creating and using passwords)
- Social Engineering (phishing and vishing prevention)
- Internet Safety (social media, browsing habits, personal devices)
- System Security (software updates, anti-virus, multi-factor authentication)
- Data Security (protecting sensitive data types)
- Incident Reporting (and response)
Ensuring users can relate to real-world scenarios and lessons learned will empower them to make better, more informed decisions in both their personal and professional lives. It is also important for end users to understand their role in protecting student and staff information, and how to respond to a potential attack or breach quickly and effectively.
“CampusGuard has served as a trusted partner in IT Security and Compliance across higher education institutions since 2009. With similar cybersecurity risks and threats increasingly targeting K-12 schools, it only made sense for our team to partner with FACTS to help bring our team’s expertise and support to the FACTS school environments. We are excited to offer our comprehensive information security and compliance training courses and resources to engage staff with actionable information security best practices and protect schools from compromise,” Andy Grant, Director of Business Development for CampusGuard
Contact us to learn more about CampusGuard’s information security awareness and compliance training courses available now through the FACTS partnership.
