Can Confidential Education Data Be Held at Ransom?

Imagine if you are accessing your personal college records online and somehow it is blocked by a third party who has changed your passwords and is asking for a fee to release the new passwords. What would you do in such a situation? Especially, when you want to access your current examination result! Yes, it happens and is happening quite often. Ransomware attack rates hitting industries have doubled and tripled in the past years. Ransome ware usually plagued the medical industry the most but at the moment the criminal minds are targeting educational institutes increasingly. BitSight an auditor of security posture of leading organizations, showed the education sector was hit hardest by ransomware attacks in the last year, 2016.

Osterman Research showed phishing and ransomware attacks growing by several hundred percent in the year of 2016.The survey which was done by Domain Tools named ransomeware in the top three problem areas for IT and security professionals. Protection in Educational institutes is generally lower due to open culture so they are a target. Would you like or would your organization like to be a victim of such criminal bents? I think not. Especially when you need the information which is current and for some purpose in a hurry! That is when the malware usually strikes. It can cripple the entire system. It can even sometimes replicate and affect a number of PC’s in the network from the source contaminated PC.

Ransomware By Industry Sector

                                                                                                 Source: Bit Sight

What can be done to reduce and mitigate the damage of such an incident in your computer systems?

“Establishing email security protocols, monitoring key third-party vendors, tracking security ratings and avoiding file sharing are all ways to mitigate risks associated with ransomware,” said Stephen Boyer, co-founder and CTO of BitSight.

According to Datto in their report: “Malicious emails coupled with a general lack of employee cybersecurity training are the leading cause of a successful ransomware attack. Today’s businesses must provide regular cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for the malware.”

One might think installation of virus protection or anti-malware will do the trick? But most of the attacks as stated by Datto reported virus/malware protection and e-mail spam filters are not effective. Infections via Dropbox were 29%, via Office 36%, via Google Apps 6% and, 3% via Salesforce.

Educational institutes must arm themselves against such attacks with better technology which will cost more. CISOs have to make the right choice to tackle such security risks. Phishing is the top security list from 2015-2016, where people open emails that are of malicious design tricking them.

What are some newer technologies that can help reduce chances of such incidents? Cloud technology has been found to help. According to Matt Morton, CISO and assistant CIO at the University of Nebraska at Omaha, “The cloud has taken off like crazy, and it’s a great help, but at the same time, it’s complicated from an information security perspective because there’s a lot of due diligence that has to take place.”

What can Poor security at the education institute lead to in terms of dire results for you, your customers and your suppliers? Today almost all rely on technology to transact business; digital security has become a significant concern even for small businesses. How do you address such a risk? Having a plan that addresses safety and security issues is needed for your communications and electronic transactions so as to avoid problems that may arise from malware, phishing and ransomware and the consequences of their strike to the institute, employees and students.

 What happens in case of hacking event? Hackers may come up with elaborate ways to steal institute passwords, hack student files and records, download sensitive student data which they will try to sell or use to steal.

Snooping as Corporate Espionage

How can one safeguard their personal files and data that need to be confidential? Information the institute wants to keep from competitors should be examined and protected. Steps to safeguard patents, customer data, personnel files, sales data of competitiveness should be done using IT solutions otherwise it will fall into the wrong hands causing damage to you institute and your profits, by using security measures to restrict access and transfer of these crucial data.

How can one prevent data from being hijacked for money till paid? Held at loss by ransomware due to failure of routine security checks is a problem. Important records, data financial transactions may be kept at ransom and blocked until paid giving the institute a bad name and causing difficulties to operate as normal. Important technologies can be used to solve this problem so that your access is never blocked and is always kept secure, up and ready when you need it 24 x 7

What are some legal liabilities if faced with cybercrime of this sort? The loss or theft of confidential data of customers, clients, vendors and suppliers can be a disaster and should be kept secure. Protect is a must to keep away from suffering legal damages that can shut the institute down. Judgments even small even if they fail to cause legal damage can tarnish the name of the institute. Would not the reputation be at stake?