3 Key Cyberthreats Schools Need To Keep In Mind
With valuable, and often underprotected data, education institutes are prime targets for cyberattackers. On top of regular security challenges faced, the new complexities stemming from COVID-19 are offering cybercriminals tailormade scenario for attacking school networks, and giving education institutes even more security challenges that need to be addressed to keep students and student data safe and secure. Let’s take a closer look at some of the challenges these institutions must address: 1. Phishing scams We’re seeing an uptick in coronavirus phishing scams, and so the chances of phishing emails making their way into the inboxes of teachers, administrators, and students is high. Staff must be provided with comprehensive guidance that allows them to identify such emails. It’s critical to deploy advanced email security that blocks phishing emails, prevents data loss, encrypts email, and offers comprehensive protection against phishing. 2. Shortage of skilled IT security staff This is a challenge not unique to schools, but lack of skilled IT staff particularly leaves a school network susceptible to threats. Schools are shut down to control the spread of the pandemic. At most, there’s a skeletal staff at work, or else everyone is working from home. When this happens, who takes charge of your school’s IT security needs? Schools can find themselves with no one pushing network security, device management, and endpoint security policies. Critical reports identifying risky users, or which offer more information about regulatory compliance might not be leveraged effectively. This can give cybercriminals an opportunity to exploit weaknesses in your cybersecurity infrastructure to infect the network. The answer to this challenge is managed threat response services (MTR). This service offers an expert team to deliver threat hunting, detection, and response services 24/7, so that you don’t have to. You don’t have to worry about spotting suspicious behaviors or whether your cybersecurity configuration is on point because the team manages all security needs for your education institute. 3. Advanced malware attacks As students and teachers spend more time online during coronavirus lockdowns, they are susceptible to inadvertently becoming victims of an account takeover, unintentionally or carelessly sharing their information with cybercriminals. This allows criminals to log in to your school’s network, launch a ransomware attack, and take control of sensitive student data. The solution is to deploy advanced endpoint protection technologies to stop the attack chain and predictively prevent such attacks, features should also include automatic roll back to pre-altered state if files are encrypted. This will help protect data if students or teachers are using school-supplied laptops or tabs. If they are using their own devices to access school resources, it is imperative they install a cybersecurity solution specifically catering to the needs of home users. To maximize their safety, schools must also deploy a next-gen firewall that detects and blocks ransomware at the gateway, and also prevents its lateral movement. Boring can help We protect companies and organizations with proven solutions and services for the full cybersecurity lifecycle. Our offerings include independent consulting for your information security requirements and enterprise solutions for IT risk management and continuous compliance. Some of our services include assessments, policies, prevention, protection and recovery for IT network systems. We are equipped to help businesses make decisions about their IT infrastructure and reduce their exposure as it relates to data protection and cybersecurity. Reach out to us today for a network assessment so our team can assess your vulnerability and discover which services and products will work best for you. Source: Sophos NEWSAuthor: Indrajeet Pradhan
2020 Cybersecurity Resolutions – Cybersecurity Tips
You’ve probably decided on your New Year’s resolutions at this point. Maybe you’re one of those who simply chooses a word to define your year. But what about your business? You’ve likely considered your revenue goals, but have you considered how you’re going to protect your business in 2020? There is a magical word – prevention. Here are eight cybersecurity actions you should take to protect your business in 2020. Identify your risks: If you don’t know where your risk lies, then you cannot take the steps to mitigate them. Go back to the basics. Consider what devices, processes or gaps your company might have. Review and test your backups: It is essential for every business to have a good backup strategy. Even if you fall victim to a ransomware attack, if you have a good backup, you can roll back and get back to business. You need to think ahead and consider all the critical data and ensure you are getting frequent backups should you have a breach. For example, if you’re only backing up weekly on Fridays and you have a breach on a Thursday, you’ve lost up to six days of data. Combine this with an event like a month-end or fiscal year-end and now you’re really in trouble. Install Anti-Virus / Malware Protection Software: You need to ensure you have a reputable and fully updated version of malware protection software on every device in your organization. Be sure that it is fully licensed and that it’s updating as it should. You should implement systems to alert you if a device is out of compliance. Train your Employees: Your employees are your weakest link. You should implement ongoing training for your staff. Be sure your users know the basics like how to spot fake URLs and attachments. Staff at all levels need to be adequately educated from the C-suite down. You’d be surprised how often executives skip this training then wind up being the target. Secure your infrastructure: In many small businesses, this is often a challenge because the budget does not allow for a full-time IT staff person that is adequately trained in all the needed disciplines. You need to ensure your servers, routers, switches and all network devices are secure. If you don’t have the staff to do this, this is where a managed service provider can really help your company. Implement Multi-Factor Authentication (MFA): Going back to number four above, your employees are your weakest link and inevitably some of those employees will have weak passwords or worse yet, share those passwords. By enforcing MFA, you can help minimize this risk. Identify your threats and make a plan: It’s important for a company to determine all its risks. Whether it be those bring your own devices or outdated software. Even if you have a known risk that you just can’t get around, by identifying it you can at least put systems in place to reduce the risk. Not only do you need to consider prevention, but you need to know what you will do in case of a breach or malware attack. Be sure you have a disaster recovery plan in place and key personnel who know how to execute it. Measure and report: Many times, a company goes through the steps above but then files it away in a drawer never to revisit the plan. You should regularly look at key security metrics. Then at least annually, you should review your disaster recovery plan to ensure it’s still relevant. You should also consider penetration testing. This is simply the act of figuring out what could a hacker do to harm your business in a real-world scenario. This will give you peace of mind in identifying your weaknesses. It’s much better that you find through penetration testing before a hacker finds your deficiency. If these tips have you feeling a little uneasy about your company security, Boring Business Systems would be happy to meet with you and help you get into compliance. Boring is a Managed Services Provider in Tampa and Lakeland and also a cybersecurity company. Contact us today for a free consultation.
