Ransomware Attacks: 5 Actions for Education Entities

With students around the country having returned to school, either in-person or virtually, the risk of a cyber-attack on educational institutions is heightened.

Schools have often fallen victim to cybercriminals. In 2019, educational entities – including K-12 schools and higher education institutions – accounted for three in five of recorded ransomware attacks. This underscores their vulnerability and the need for them to consistently monitor their systems and have robust incident response plans in place if they are targeted by criminals. And the stakes are even higher this year.

Virtual Learning Elevates Risk

As the pandemic continues, many schools are operating partly or wholly online. That can help reduce the spread of COVID-19, but adds new threats. Cyber-attacks can lead to system shutdowns that freeze the online learning environment, leading to an interruption in classes and other services that could result in a loss of income.

This risk is particularly acute for tuition-based schools, some of which are already struggling to remain financially solvent. Interruptions — especially lengthy ones — can lead students to question whether they should continue to pay tuition. Adverse events on campus, including network interruptions or data breaches following an attack, can also cause widespread reputational damage.

Early Identification, Effective Response Essential to Recovery

The pandemic has forced organizations to pivot toward flexible thinking and creative planning. As schools, colleges, and universities continue navigating a shift to online learning — or prepare for such a move if COVID-19 cases in their communities surge — putting systems in place to minimize the risks of a cyber-attack is crucial.

Schools, colleges, and universities should ensure they are well equipped to quickly identify and respond to an attack, allowing them to return to normal operations with minimal disruptions, through the following actions:

  1. Conduct regular stress tests. Identifying potential system weaknesses and strengthening cybersecurity controls can help mitigate the risk of losing access to virtual learning resources. Students can help, too — university-sponsored phishing tests and campaigns targeting students can help spread the word about the importance of staying vigilant.
  2. Quantify the financial effects of cybersecurity threats. Mapping out the risks and costs for different parts of the organization can inform your strategy for continuous investments in security and risk transfer. For example, research labs are often targeted due to the potentially valuable nature of the information they hold and their willingness to share academic information with peers may require increased scrutiny and investment in IT security.
  3. Rehearse your response to different scenarios through regular tabletop exercises. Such exercises should involve different stakeholders from across the organization and potentially even outside partners, ensuring that everyone has a clear understanding of their role during an event.
  4. Develop a robust incident response plan that establishes the actions you need to take once a breach has been identified. Identify, in advance, any external partners you will need to engage to help you get back up and running and keep lines of communication open. Make sure you have your partners’ contact details securely available outside your main system in case of a complete shutdown.
  5. Review your insurance programs. Before an attack, identify the notice provisions in your policy, or the steps your organization must take to alert your cyber insurer of a claim. While Marsh data shows that the education sector has the highest cyber insurance take-up rate, the industry tends to purchase lower limits. Work with your insurance advisors to determine the amount of coverage you need to sufficiently cover a potential catastrophic loss. If you don’t have a standalone cyber policy, make sure to have a clear understanding of the limitations of any cyber coverage included in another policy.

As educational institutions increasingly rely on a virtual environment, the risk of cyber incidents has never been greater. Work with your broker to understand your cyber risk exposure and build insurance and risk mitigation programs that can help manage the effects of a cyber-attack and quickly return to normal operations.