Is Your University Ransomware-Proof?

Just a few months ago, the FBI issued a warning to universities about a sharp uptick in ransomware incidents that can extract and encrypt data. In 2020, ransomware attacks occurred across colleges and universities in the U.S., including one case where hackers asked for $1.1 million to decrypt the data they had stolen and restore access to servers. 

Analyses of these types of attacks against higher education found that attacks against universities during 2020 doubled over the year prior, with the average ransom demand totaling $447,000.

Universities are in a precarious position; COVID-19 has moved education to the online realm with many staff and faculty members working from home. IT departments that may be focused on facilitating a smooth transition to online learning are stretched thin and may not be able to dedicate as many resources to security, leaving an opening for cybercriminals. 

Universities must have their guard up during this unprecedented time. Here are some of the ways to help ransomware-proof your university. 

Back-Up 

Backing up files to external hard drives or the cloud is a good way to defend against ransomware attacks. These places are less easy for cybercriminals to access and enable universities to retrieve data in the case that a bad actor does gain access and demand a ransom. Backups should be regularly tested to ensure that data can be restored should an attack occur. 

Update Patches and Antivirus Software

Having antivirus and antimalware software in place is critical to prevent breaches, but it’s just as important to make sure that software is regularly updated. Fine-tuning the settings on this software is also a solid step. Ransomware can often be delivered as a file that has multiple file extensions (e.g. pdf.exe), so be sure that you can view all file extensions to identify any suspicious files. 

Scan Systems Daily

Conducting daily scans across systems allows universities to quickly identify and eliminate attacks — and identify any vulnerabilities that should be addressed. In many cases, hackers probe systems via a minor attack. Scans will pick up on these, but without a scan, the hacker may attempt a large-scale attack that could cripple systems. 

Monitoring networks for abnormal behavior like rapid-fire login attempts and other suspicious activity enables schools to be proactive rather than caught off guard. 

Train Employees

Ransomware hackers love to use phishing emails, so your staff should understand what they are and how they might look. People should understand that they should not open suspicious emails from unverified senders or click on suspicious or unsolicited links. 

All it takes is one weak point that can quickly escalate to a full-scale ransomware attack. Ensuring that you have the right security measures in place and that staff is well-trained in security best practices can go a long way in keeping your university out of the headlines — and your sensitive information safe. Contact us today for a free consultation to learn more about how we can help.