In a recent Keenan Blog, we presented information on a ransomware attack that targeted school districts and other public agencies. The IT vendor serving nearly 50,000 customers quickly detected the scheme, and only about 50 organizations were actually breached. But the vulnerability of small businesses and local agencies became apparent. This Trending Topics focuses on the steps schools can take to prevent their data and systems from being compromised and the best practices for recovering from a breach by cyber criminals.
In planning a cybersecurity strategy, understand that the most likely way your network will be infiltrated is an employee inadvertently giving a hacker credentials or direct access to your system. Phishing, spear-phishing, and other social engineering techniques are designed to fool a computer user into giving out their login information or opening malware files embedded in an email. Bad actors frequently introduce an element of extreme urgency to encourage a potential victim to give up their credentials before they have a chance to think through the situation.
Train your employees to recognize possible cyberattacks. Teach employees that they will never be involved in an emergency situation requiring them to provide their passwords or launch a program from someone contacting them through email. There’s always time to check it out through your IT department. Emphasize that legitimate organizations do not ask for login credentials through an email.
Channel-jacking techniques involve a computer user receiving a request through a web site, pop-up or instant message to give a third party access to their system. Instruct users to refuse this kind of request. If employees ever notice their screen cursor moving without their action, or see screens changing on their own, it is possible their computer is being accessed remotely. Either of these events should be immediately reported to your IT department.
Two-factor or multi-factor authentication enhances login security by adding layers, inaccessible to an outside hacker, on top of the simple username and password credentials. A unique code sent to the user’s phone provides verification. Multi-factor authentication can include biometric identification (e.g., fingerprint or facial recognition) or use GPS location to exclude a remote hacker.
Despite ongoing training and diligence by your employees, breaches can still happen. If you are hit by ransomware, a current system backup – maintained off site – is your best insurance for a resilient recovery. Of course, any vulnerability enabling the breach must be corrected and any necessary training updates implemented.
Staying ahead of increasingly sophisticated cyber criminals is challenging, but it’s the reality of our connected world.