This past week, Howard University had to cancel classes due to “unusual activity on the University’s network.” As a result, their Enterprise Technology Services (ETS) team shut down the school’s classes for the day to investigate the situation, which they identified as a ransomware attack. This ransomware attack brought to light the consideration of how deep and wide the net can be cast on any one entity. An incident like this forces us to pause and consider the range of data that could be compromised. A university or college is like a mini-city.
The data compromised could have included:
- Personal data of students and faculty
- Financial information
- Healthcare information
- Research data
- and countless other possibilities that link humans, and their data, to the organization
Hackers increasingly target schools as they can obtain such a variety and wealth of information. Holding the data for ransom cripples an educational institution just as it would any other business. According to research from Sophos, ransomware is more successful when it comes to education, coming in at 56% of the businesses hit ending up with encrypted data, and 35% of them paying the ransom. Unfortunately, only 68% of those who paid were able to get their data back. Last year, the increase in attacks was likely due to the education sector being primarily online during the pandemic.
Be the Teacher
As a business, educating employees is critical. The teachings need to be comprehensive versus only educating on what a phishing email is or what a BEC scam resembles. Although these tools are important, a comprehensive and continuous training program is essential as the scams are continually evolving.
Understanding how data is all connected is necessary to comprehend how a breach of an individual’s data can result in a breach of the business. A simple online quiz completed for fun at home could provide answers that lead to banking credentials, leading to another login that leads to a breach at your company. The connectivity of data and information is very much associated in a way that we don’t always acknowledge as end-users. We must teach and emphasize to all teams to be the first line of defense and protect their data and privacy in the same way they guard their wallets or purse.
To learn more about becoming “Cybersecurity Ready,” contact your Pendello Solutions Team today. A solid front-line of defense is your best protection against human error, and as we know, the cybercriminals are just waiting for each and every one of us to slip up.