The National Cyber Security Centre (NCSC) is a government agency that provides cyber security guidance and support, as well as being a single point of contact (SPOC) for SMEs, larger organisations, government departments, education establishments and the charity sector.
Earlier this year the NCSC published an alert to education bodies warning them of an increase in ransomware attacks, and provided guidance on how to prevent criminals from successfully attacking their systems.
What is ransomware?
Ransomware is a type of cyber-attack that criminals use to obtain data and information, encrypting it so that legitimate users can no longer access it. The most common way criminals gain access to data is through phishing; criminals send a malicious email with the goal of getting recipients to click on a link or download a file. This then encrypts the user’s device and begins replicating across the network. Ransomware can also spread into the cloud and encrypt files and backups stored offsite.
Why is ransomware a threat to education organisations?
With the rise in education technology (or ‘EdTech’) and the reliance on technology within schools, education organisations have a large ‘attack surface’: each individual and device becomes an entry point into the organisation. All it takes is one user to click on a link or download a malicious link and your organisation is impacted. With the use of EdTech suppliers, the threat is increased. Criminals may target EdTech providers as an opportunity to target many customers at once. Ransomware inhibits all user activities that rely on the impacted systems, and forces the leadership team, IT team and others to devote time and resources in responding to the incident.
What are the impacts of ransomware?
Criminals have been known to download copies of the data before encrypting it. Organisations therefore face two security issues: the loss of user access, incurring costs from loss of productivity and response activity, and the onwards sale or use of the data for secondary attacks on individual users. This can also lead to further costs in the form of regulatory fines and judgements.
What can you do to prevent and respond to ransomware attacks?
- Training
a) User awareness training can help to reduce the likelihood of an attack. Users who can spot malicious attacks have a better chance of avoiding them.
b) Incident response training prepares the organisation to deal with a situation if a risk does materialise.
c) Business Continuity & Disaster Recovery: sometimes incidents can be so crippling that they impact the organisation’s ability to perform its business operations and generate value. Business continuity and disaster recovery teams need to know what their responsibilities are and to conduct them right the first time, every time. Training those responsible for dealing with these scenarios is particularly important, especially when it comes to dealing with ransomware.
2. Cyber Essentials
Cyber Essentials is a government-backed scheme that has been developed to protect organisations against a wide range of common cyber-attacks. It includes controls for reducing the likelihood and/or impact of phishing attacks.
Being Cyber Essentials-certified demonstrates to your clients that you take cyber security seriously and that you are taking the necessary steps to reduce the risks of a cyber incident. It will also attract new business for your company.
Becoming cyber essentials certified is therefore beneficial for all organisations, of any size, and in any sector. Additionally, anyone bidding for Government contracts involving the handling of certain sensitive and personal information may need to be certified.
More information of the Cyber Essentials scheme can be found on the NCSC’s website here. Principle Defence also have Cyber Consultants who are all Cyber Essentials Assessors and can assist you gain your certification.
3. Backups
Creating backups of your data (at a frequency that suits your organisation) can help you restore if or when you are hit with a ransomware attack. Storing them separately to your organisations main storage (either offline or in the cloud) helps to protect them from the impacts of ransomware.
Principle Defence is an Information Security and Data Privacy consultancy and training provider. We provide security and privacy consulting, leadership, and training and understand the importance of protecting the information held by education bodies.
If you would like more information on the Cyber Essentials Certification, Business Continuity Implementation or Resilience Training that Principle Defence offers, please contact our principal consultant, Jim Wright (jim@principledefence.com), to discuss how we can help implement the correct policies and procedures in your workplace.