Ransomware attacks are becoming more common, with technology constantly growing and changing the way we operate — we like to think education establishments are safe, but are they?
Ransomware attacks in universities
63% of universities in the UK suffer from regular ransomware attacks, according to a Freedom of Information request carried out by SentinelOne. 56% of those had suffered from an attack in the past year. Bournemouth University suffered from 21 ransomware attacks in the same year showing that ransomware attacks are common in education institutions.
Brunel University London was the only one to report the attack that has occurred as other universities dealt with the issue internally.
Educating the user
They key method to protecting your organisation from a ransomware attack is to speak openly about its potential impact — knowledge is power and educating people within your group will allow them to better defend themselves if such an event was to occur. Speaking generally, ransomware attacks can break a business, and this is something that all business owners want to avoid if they wish to remain successful. However, this can cause a great deal of damage for those operating in the education sector. After acknowledging the problem, it all comes down to user education — knowledge is key and the correct tools should be provided to make people aware of potential risks.
Putting company policies in place
Company policies are put in place to offer some sort of reassurance when it comes to security within an organisation, but in education centres there should be different procedures provided for all systems that could suffer from a potential attack. When this is issued to individuals, whether this is staff within an education institute or students, they should be able to have a clear understanding of what it means. To achieve this, it is worth producing specific security policies for different departments so it relates to their role. Usually a policy that is created for everyone leads to misunderstanding and a higher risk of security problems.
An introduction to the company, and its policies!
Inductions should be carried out when a new member joins the team — whether this is a student or a contractor, providing handbooks that highlight the organisations policies are vital to keeping safe. You should outline their personal responsibility in their contracts to show that when they sign the contract, they are aware of potential consequences they might face for any misconduct when it comes to security. This should be included in the induction stage of their contract or initiation.
Taking time to train employees
With users working with different systems, it’s important that people are given training of a high standard which can help them make informed decisions on when a ransomware attack occurs. Security advice can always change, so making training a more regular occurrence in the business can be beneficial and open room for discussion and constant learning opportunities that will transfer to their role.
Raising potential security threat issues
Once a person enters the organisation, they should have regular contact with those in managerial positions — the benefit of this is that they will feel more comfortable reporting an issue that they might think could be hurtful. This should be embedded into universities’ culture and make those working with the system aware that they must report any incidents.
Consequences of non-compliant users
Once your policies have been created, you need to determine what the consequences will be if they are not abided by. This will lead to a more knowledgeable workforce that will put the best interests of your company’s security at the top of their priorities.
10 sectors with the most ransomware incidents
KBR who provide school WiFI across the country found out that:
The sector with the most ransomware attacks, with a high 23% is the education industry. IT/telecommunications come in second place with 22%. The entertainment and financial services join in third place with 21%. The construction industry is in fourth place with 19%. The government and the manufacturing industries suffer from 18% of ransomware attacks. The transport sector is privy to 17% of attacks, while the healthcare sector and retail/wholesale/leisure come in at 16%.