The rate of cyber-attacks has significantly increased over the past few years. Districts of all sizes are at risk of becoming victims of them, which is why it’s crucial that district leaders are aware of the most common cyber threats impacting the educational community today. Being aware of common cyber threats and developing plans to prevent them is the best way to protect your district, staff, and students from cyber criminals.
We have addressed some of these threats individually, but it never hurts to review them as a whole. Criminals’ tactics improve as technology continues advancing, which is why it is crucial for cyber security defenses to keep pace. Knowing exactly what you’re up against with cyber-attacks and creating the proper safeguards will protect your district. Below, you will find four of the most common types of cyber-attacks out there and how to protect your district from them.
Malware
Malware has been around since the dawn of the Internet and has remained a consistent problem. It is an intrusive software developed to steal data and damage or destroy computers and computer systems. Malware is an extensive type of cyber-attack, and many subcategories belong to it, including viruses, spyware, adware, and Trojan viruses. One type of malware that has lately been used more frequently is ransomware. Ransomware threatens to publish sensitive information or blocks access to necessary data unless a sum of money is paid to the cybercriminal who developed it.
Unfortunately, malware can be detrimental to nearly every aspect of your district, so you should do two essential things to prevent it from affecting you. First, you should install the latest anti-malware programs. Better yet, use one of the more sophisticated solutions that have artificial intelligence that continually adapts to identify malware or suspicious behavior. Some of these more sophisticated solutions are even bundled with 24x7x365 Security Operation Centers (SOCs). You should also train your team about these risks and ensure they are aware not to click on any suspicious links, websites, or files that could be dangerous.
Phishing
Have you ever received an e-mail asking for sensitive information that looked official, but something just wasn’t quite right? Chances are it was probably a phishing scam. Phishing occurs when cybercriminals send official-looking messages to individuals, posing as another organization, in an attempt to receive personal information. Falling for a phishing scam can quickly result in you becoming a victim of identity fraud. The results can be substantially worse if a district employee falls for the scam.9
So, how do you best prepare for and protect your team against phishing scams? Utilize employee cyber security training so they can spot the warning signs. The actual e-mail will usually line up differently from whom the cybercriminal is trying to represent. Also, most organizations will not request private information over e-mail. Common sense will prevail over phishing scams.
Distributed Denial Of Service
DDoS attacks can bring your district to a standstill. These attacks occur when malicious parties overload servers with user traffic, causing them to lag or shut down since they are unable to handle incoming requests. If your district falls victim to this kind of attack, your staff and students might not be able to access key functions required, and online testing or attendance might be disrupted.
DDoS attacks are very difficult to thwart, and a determined cybercriminal can lock up your network for days on end. You’ll have to identify malicious traffic and prevent access before it can cause damage. Districts in the 4-County MHRIC region (Dutchess, Ulster, Orange, and Sullivan) have some level of DDoS protection for their in-house networks and applications via their current Internet provider. However, this does not cover Cloud-hosted Applications. Districts should check in with their Cloud Application vendors to assess what protections those vendors have in place.
Password Attacks
If a cybercriminal gets a staff or student password, this is the easiest way for them to access valuable information. They may attempt to guess the passwords themselves or use a phishing scam to gain access. It is vital that you enable multifactor authentication for your staff and require complex passwords so you can defend your company against password attacks.
Now that you’ve been reminded of the most common forms of cyber-attacks currently happening, you can make sure you are taking the necessary precautions to protect your district.
This week’s suggestion:
· Talk to your Tech Director about what you are currently doing to protect your network resources from these four common Cyber Attacks.
· Continue (or start) the process of coming into line with the NIST Cybersecurity Framework guidelines
If you would like more information on help with protection options for these Cyber-Attacks or navigating the NIST CSF journey, please contact Lisa MacDougall at lmacdougall@csiny.com or call 845.897.9480.