This past week Howard University had to cancel classes due to “unusual activity on the University’s network”. As a result, their Enterprise Technology Services (ETS) team shut down the school’s classes for the day to investigate the situation which they identified as a ransomware attack.
This incident brought to light the consideration of how deep and wide the net can be cast when an attack takes place on an entity such as this. While nothing is confirmed with the Howard University incident, it does mean that we must pause to consider the range of data that could be compromised. A university or college is like a mini-city.
The data that the network contains might include:
- Personal data of students and faculty
- Financial information
- Healthcare information
- Research data
- and countless other possibilities that link humans, and their information, to the school
Schools are increasingly targeted by hackers as they can obtain such a variety and wealth of information and holding the data for ransom cripples them as it would any other business. According to research from Sophos, ransomware is more successful when it comes to education coming in at 56% of the businesses hit ending up with encrypted data, and 35% of them paying the ransom. Unfortunately, only 68% of those who paid were able to get their data back. The increase in attacks last year was likely a result of the education sector being mostly online during the pandemic.
Be the Teacher
As an MSP, educating your clients is critical. But that doesn’t stop at teaching them what a phishing email is or what a BEC scam is. These are important, but they are also overlooked until they happen to the individual or business. So how do we counter that and make cybersecurity important? Show them the cost of a breach to their business with our white-labeled breach cost calculator. Paying and planning proactively is far less expensive and impactful than paying in a reaction situation.
Explain how data is all connected, and more importantly, how a breach of an employee’s personal data could result in a breach of the business. An online quiz that they do from home, could provide answers that lead to banking credentials that lead to a student login that leads to a university breach. The line of wreaking havoc and causing damage might not be that simple, but the connectivity of data and information is very much connected in a way that we don’t always acknowledge as end-users. Teach humans to be the first line of defense and to protect their data and privacy in the same way that they guard their wallets or purse.