Ransomware remains a serious problem for organizations everywhere, and though universities may not have the reputation for financial clout that banks have, they remain a prominent target for cyber criminals – and it’s easy to see why. Universities frequently have a large number of access points, with tens of thousands of the different students and teachers accessing applications and systems from various geographical locations. Many institutions also still hold a great deal of legacy software and hardware, alongside personal data. Recently, the National Cyber Security Centre highlighted that UK universities are under high threat levels from state actors as well as financially motivated cybercrime. In the past few months, six UK universities paid a ransom, including University of York, Oxford Brookes University and Leeds University, in a global cyber-attack targeting US-based cloud computer provider Blackbaud.
Adding fuel to an already active fire, the move to remote work and learning also presents challenges for university IT teams. Every student laptop represents a different potential “attack vector” and with their resources spread so much between different responsibilities, it’s extremely hard to ensure that every single potential entry point is closed off. It’s easy to see how this could set the scene for ransomware-related disasters. And, with so much valuable student data at risk, universities are more likely to pay up than the average business. However, despite these challenges, there are steps IT teams can take to ensure their continuity. So, what are the most important aspects universities need to consider when it comes keeping themselves safe?
Creating a ransomware plan
It’s vitally important that education IT teams have a solid plan for dealing with ransomware. Bringing together university leadership, IT leaders, and department heads in the form of a crisis team is an important step to towards limiting the damage caused by ransomware, and will help identify which aspects of universities’ IT infrastructure need the most protection. It’s important that compliance considerations remain part of these conversations, as student data is protected under GDPR. Being fined for exposing sensitive student data in the wake of an already costly ransomware attack is the last thing university leadership wants or needs. Testing your response plan ahead of time also represents a vital part of any ransomware mitigation strategy. If testing has been conducted proper and thoroughly, there should be no misunderstanding about what needs to be done to prevent disruption to operations.
Integrating cybersecurity with data protection is also something to consider when developing a plan for ransomware, especially as many IT managers at universities now have a more uncertain future in terms of funding due to COVID-19. University IT teams are already understaffed and under-resourced in comparison to larger corporate organizations, and don’t have the benefit of having a large IT team with employees that have specialized skills in cybersecurity or storage. This can make all-in-one cybersecurity and data protection solutions an excellent choice for these organizations, as they can consolidate and manage both needs through one tool. Not only is this approach helpful in identifying and mitigating unfolding attacks, but it’s also much more budget-friendly.
Educating the university body
It’s important to not overlook the value of educating staff and students, too. Incorporating professional cyber awareness training should form an integral part of student inductions, and should be covered in the same way video conferencing or shared storage protocols are. With many students and teachers learning and teaching online, universities need to take on the task of filling in gaps in their cyber threat knowledge. This training can be as simple as helping students identity suspicious attachments or unknown links, which are often markers of a phishing attack. This can stop ransomware attacks dead in their tracks before they have a chance to gain a foothold.
However, the human element is just one part of the solution. Universities also need the correct systems in place to ensure their safety from ransomware. Remote learning is highly dependent on SaaS-based systems such as Microsoft Office 365, which many mistakenly assume are backed up automatically. Organizations actually need a third-party data backup system to retain and protect data from these tools long term. Having this automated backup system in place, covering all university-issued devices, will remove any confusion about what needs to be backed up and when, meaning the IT team will have more capacity to spot unusual events and potential cyber incidents. It will also ensure that any valuable emails, coursework or research projects will be available in case a ransomware attack does encrypt files.
Though universities still have little clarity about to what degree learning will take pace remotely during the 2020 academic year, we do know it will present a step into the unknown from an IT perspective. Cybercriminals continue to innovate, and we expect ransomware strains to continue to become ever more advanced when it comes to taking advantage of the vulnerabilities caused by remote learning – particularly as the rewards remain high for bad actors. Despite this uncertainty, an approach which is based on taking an all-in-one integrated approach to data protection, backing up vital SaaS tools, and educating employees, will help universities prepare for worst, without comprising the efficiency of learning in the present.