Five steps to fighting ransomware attacks against schools

Commentary: How can university IT teams prevent the next WannaCry? Educate, patch, modernize, plan and invest.

It’s estimated that 13 percent of schools have experienced ransomware attacks, making education one of the sectors most often targeted by hackers.

Most of these ransomware attacks have been aimed at colleges and universities, likely due to the more open nature of campus IT networks, the number of mobile devices in use and the lean IT teams.

We saw this scenario play out earlier in the year, when several universities were infected by WannaCry, the ransomware that crippled organizations by targeting computers running unpatched versions of Windows. While they were able to contain the damage, higher ed leaders and security IT teams should consider WannaCry both a learning experience and an opportunity to fortify their networks in anticipation of a future attack.

To that end, here are five steps that university IT teams should implement today to help prevent the WannaCrys of tomorrow.


Educate end-users, from students to faculty

Attacks only continue to grow more sophisticated, and today’s hackers are no longer using simple phishing schemes to entice users (although those are still prevalent). For instance, social media has become a favorite playground for bad actors, and schools and universities are rife with students and faculty active on social networks.

As such, it is important for IT professionals and school administrators to inform end-users — students, teachers and other school officials — about methods they can use to stay safe while using campus computers, personal computers and mobile devices. Simple education can make the people using these tools an effective first line of defense against potential security threats.

Say hello to “Patch Tuesday”

Identifying vulnerabilities early — and patching them quickly — is the key to good security hygiene. Unfortunately, schools with smaller budgets and IT teams do not have the resources to keep up with constant patch cycles. That is probably one of the reasons WannaCry was able to get through. Although the virus and its corresponding patch were introduced in March, many organizations were unable to prepare for the eventual attacks that occurred later in the spring.


To work around this challenge, schools should adopt a “Patch Tuesday” mindset. Patch Tuesday is an unofficial term that organizations use to signify the day of the week that Microsoft announces patches to its security products, but it can also be a good rule of thumb for schools. Setting aside one day out of the week to ensure that all systems are up to date with the latest security measures is an easy way to help keep networks safe. Network administrators should do this continuously and make it a part of their weekly IT routines.

Combining Patch Tuesday with a patch management solution is a winning strategy. These solutions make it easy to push out patches and implement and test updates to ensure they do not adversely impact schools’ IT infrastructures.

Modernize legacy IT systems

Legacy IT systems can be highly susceptible to hackers and ransomware because they are difficult or impossible to patch. An older system like Windows XP, for example, is six times more likely to be infected with malware than newer versions of Microsoft’s operating system.

Although many schools are operating on very tight budgets, they should try to allocate at least some funds for modernizing legacy IT systems. Long-run savings will ultimately outweigh the initial investment, and a school’s security posture will improve dramatically.


Have a back-up plan in place

Scheduling regular file backups — at least once a day, ideally — can be a lifeline for organizations hit with a ransomware attack, but backing up alone is not enough.

Managers must test the restores of their backups to ensure they are working properly. Many people routinely make the mistake of not testing, only to find out that their files are not restorable when they need them the most.

In addition, backups should be stored offline and preferably offsite. Online backups can be too easily subject to the same risks as the original files, and distance from the main data center provides an extra level of security.
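One way to make the restore test described above routine is to record a hash manifest when the backup is taken and check every test restore against it. The following is an added example, not part of the original commentary; the function names and the sample files are constructed for illustration, and `shutil.copytree` stands in for whatever restore job a school actually uses.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash in 1 MiB chunks so large backup files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """At backup time: map each file's relative path to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """After a test restore: sort each manifest entry into ok/missing/corrupted."""
    report = {"ok": [], "missing": [], "corrupted": []}
    for rel, expected in manifest.items():
        target = Path(restored_root) / rel
        status = ("missing" if not target.is_file() else
                  "ok" if sha256_file(target) == expected else "corrupted")
        report[status].append(rel)
    return report


def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data only
        src, dst = Path(tmp, "share"), Path(tmp, "restore")
        (src / "grades").mkdir(parents=True)
        (src / "grades" / "fall.csv").write_text("id,grade\n1,A\n")
        (src / "roster.txt").write_text("alice\nbob\n")
        (src / "syllabus.txt").write_text("week 1: intro\n")
        manifest = build_manifest(src)
        shutil.copytree(src, dst)                   # stand-in for the real restore job
        (dst / "roster.txt").write_text("alice\n")  # simulate a truncated file
        (dst / "syllabus.txt").unlink()             # simulate a file the restore dropped
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

Keeping the manifest with the offline copy rather than on the live file server means it is not exposed to the same risks as the original files.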

Invest in Security Information and Event Management (SIEM)


Ongoing monitoring and system management are critical to maintaining a solid security profile, and SIEM tools allow IT managers to do this with ease.

SIEM helps managers ascertain a baseline analysis of their operating environment, making it much easier to detect anomalies later. They also gain visibility into virtually all aspects of network activity and receive alerts when a potential threat is flagged. These alerts help pinpoint the cause of the problem and allow for quick remediation of nascent attacks before they adversely impact the network.
