Security

Tips for Preventing Ransomware During Remote Learning

Here are some key strategies for building a solid ransomware prevention and response plan.

Ken Galvin is the senior product manager for KACE Systems Management Appliance. He has been with KACE for six of his 14 years at Quest Software, where he previously managed the Quest Management Xtensions product line, which extended Microsoft System Center to non-Windows platforms.

University leaders had to reckon with their IT departments’ need for more manpower last spring, when higher education IT administrators transitioned from managing devices on one network to managing a complicated web of networks across the nation. About a year later, many colleges and universities still find themselves lacking when it comes to having the right IT support to secure remote work.

“Few IT departments will have increased resources to address expanded expectations,” notes an EDUCAUSE report on 2021’s top IT issues. “Stakeholders will need to choose the highest priorities, and institutions with effective IT governance will find it easier to prioritize demand.”

One key area of focus that universities and colleges should continue prioritizing is ransomware prevention. Higher education institutions should not expect to see a decline in these types of malware activity anytime soon. On the contrary, ransomware remains a huge threat to higher education business continuity, as one attack can delay classes for weeks. As IT departments assess their cybersecurity protocols in 2021, here are some key strategies for helping university leaders ensure they have a proactive ransomware prevention and response plan.

Create a Proactive Malware Prevention Plan

Strong security strategies must prioritize prevention. Consider which measures and policies your organization can implement now to prevent — and prepare for —potential ransomware attacks.

For example, having detailed guidelines documenting who has administrative access to sensitive information can help you detect vulnerabilities before they get exploited.

MORE ON EDTECH: Download the checklist you need to build a defense-in-depth strategy.

Even in the event of the worst-case scenario, never pay the ransom. The U.S. Treasury Department issued a warning last October that organizations could face legal ramifications for paying.

Automate Security Processes For Today’s Remote World — and Beyond

To help employees thrive remotely, IT teams must expect the unexpected. While remote work isn’t new, the scale is certainly unprecedented for most higher education institutions.

IT teams working in education are typically accustomed to preparing for attacks that occur within university networks. However, this is not good enough anymore in a distributed education system. Whenever IT resources are scarce, automation can help.

It is very costly to have dedicated IT support working at all times of the day. By automating certain processes and procedures, organizations can be more resilient against cyberattacks, gain much faster response times and realize cost-saving benefits.

For example, consider adopting a service desk application to help the IT department automate tasks. Doing so would enable instructors to easily access files they would otherwise need to access through IT. It’s like an IT self-service solution.

This also frees up time for small IT teams who have to focus on much higher priorities. No matter what happens in the coming semesters, automation will be critical to helping IT departments manage day-to-day needs — without jeopardizing higher security priorities.

Think Like a Hacker: Know What to Prioritize

Prioritizing comprehensive patch management — and vulnerability scanning — is critical to preventing ransomware attacks. Cybercriminals who cash out on ransoms have largely targeted organizations without the latest endpoint patches.

MORE ON EDTECH: Download our white paper on next-generation endpoint protection.

This is another example where automation can help. To ensure devices are safe, consider taking a proactive approach with automated patching.

IT employees should also be actively educating themselves on the latest solution updates. Higher education institutions that do not patch or update software regularly are likely inviting trouble.

As technology adoption in education continues to grow, universities and colleges must never stop enhancing their cybersecurity strategies. Regardless of whether courses are remote, in person or a hybrid, higher education leaders must protect confidential student and faculty data. While some institutions plan to reopen campuses fully, the events of 2020 have made this much clear: The brick-and-mortar approach to security is no longer viable.

eclipse_images/ Getty Images