Higher education is a prime target for ransomware. With ransomware, bad actors use malware to access, encrypt, and lock a victim’s system, data, or devices. As a result, the victim can no longer use or access them. Typically, cybercriminals demand a ransom payment for the victim to regain access.
As ransomware continues to be a problem in the education sector, colleges and universities should consider a ransomware attack protection strategy to prevent and combat these types of attacks.
What is a Ransomware Attack Protection Strategy?
The United States Computer Emergency Readiness Team (US-CERT) – a government agency within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency – offers recommendations for guarding against ransomware attacks.
The higher education sector is especially vulnerable to these attacks, making a ransomware attack protection strategy indispensable. However, creating such a strategy also calls for unique considerations specific to school infrastructure.
Creating a Ransomware Attack Protection Strategy
The US-CERT’s #StopRansomware Guide provides a number of recommendations that can comprise your ransomware attack protection strategy. Recommendations include:
Maintain encrypted data backups that are kept offline and isolated from the network. Regularly test the availability and integrity of these backups per a disaster recovery scenario. This can limit the impact of losses and speed up the recovery process.
Create and update a university incident response plan (IRP) that outlines response, notification, and communication protocols for ransomware and other cyber incidents. The IRP should include both a hard copy and an offline version to ensure availability in the case of an incident that compromises the system or network.
Implement a zero trust architecture (ZTA) to guard against unauthorized access. Access control is paramount and should be as granular as possible. ZTA assumes that the network is already compromised and enforces least-privilege access decisions on a per-request basis to keep systems and services secure.
Regularly conduct vulnerability scanning to identify and address security weaknesses and limit the attack surface (relevant sidenote: PCI DSS 4.0, which became mandatory on March 31, requires schools with e-commerce checkout pages that qualify for SAQ A to undergo quarterly vulnerability scanning for those pages).
Keep all software and operating systems updated with the most recently available versions and patches – with priority given to internet-facing servers. Use reputable managed cloud providers where possible to minimize cloud vulnerabilities.
Enable and configure security features across all devices, including on-premises, cloud services, mobile, and BYOD (bring your own device). Disable protocols and ports not used for official purposes, including Remote Desktop Protocol (RDP).
Implement phishing-resistant MFA for email, VPNs, and any accounts and services that access critical systems. Create and enforce an escalation protocol for systems that do not allow or enforce MFA.
These are a few of the top security best practices to consider including in your ransomware attack protection strategy. However, this list is far from comprehensive. Consult with the right IT and security experts to fine-tune your strategy to meet your needs.
Strategic, Secure Ransomware Protection
If your organization or institution becomes a victim of ransomware, paying the ransom is discouraged. Ransom payment does not guarantee that bad actors will release your files, though there are select, sophisticated cases where victims cannot get their data back without paying a ransom.
There are many considerations to take into account when creating a ransomware attack protection strategy. It can be beneficial to consult with a team of cybersecurity experts, and Arrow Payments is happy to help. Our team of seasoned payments professionals can guide you in the right direction to enhance and fortify your security stance. Contact us today for a free consultation.