Schools might not seem like prime targets for hackers. But last month, the worst-case scenario struck a school district in New Jersey: 800 employees, including substitute teachers, were targeted in a breach on Galloway Township schools. Those staff members’ login credentials were stolen, and two fraudulent wire transfers were executed by cyber thieves.
Luckily, the school district’s bank prevented one transfer from going through, but $200,000 was still lost. Even worse, Galloway’s reputation took a significant hit, with parents and students worried that their personal information could be stolen. As of November 2nd, there was no indication that was the case. But with bank accounts compromised, the concern still lingers: what other sensitive data can be hacked, and what else can cyberattackers do with it?
It’s a question that businesses big and small, government agencies of all sizes, and even educational institutions continue to grapple with. Targeted spearfishing and other forms of email compromise strike companies every day. Last week, the Department of Justice announced a crackdown into the theft of sensitive tech information. And earlier this fall, online criminals even managed to hack into the account of a university in the United Kingdom that offered government-certified cybersecurity courses.
Such attacks on schools have even attracted the attention of the FBI, which issued an alert in September warning of the “privacy and safety implications” of the “rapid growth of education technologies and widespread collection of student data.” As FBI task force members reiterated, personal information pertaining to students under 18 can be used to open credit accounts and create false identities, often with far less oversight than is given to adults. Malicious use of health and financial data can result in social engineering, which attempts to use private information to manipulate or coerce both the initial target and his or her friends and contacts.
So what can you do to protect your school, your company, and your data?
1. Ensure that all software patches and security updates are properly deployed.
Many infections and breaches take advantage of vulnerabilities in certain older versions of software. Institutions that work with trusted IT partners can have updates and patches automatically installed to prevent vulnerabilities.
2. Never click any link or download any attachment in a suspicious email.
The above example at Galloway schools reflects the persistence of spearphishing and email compromise, which target specific users to try and trick them into clicking links or downloading attachments that then hack into protected login credentials. All it takes is one errant click on one illicit link or malicious file to put an entire business’ computers at risk. Training your employees to quickly identify and avoid suspicious emails is a baseline for online security.
3. Always back up your data.
Creating regular, redundant, and remote backups of your critical business data is one of the most important security measures you can take for continued success. While free solutions exist on the open market that may indicate they’re backing up your entire computer, reliable data backup performed on a regular basis by a trusted IT provider is the safest way to prevent any ransomware attack, virus infection, or data breach from knocking your business out of commission. Oh, and make sure your backup retrieval procedures are well vetted and regularly tested — if your data is lost, you want to be able to quickly restore it in the event of a cyberattack or natural disaster.
At CMIT Solutions, we go the extra mile to protect the data, devices, and digital identities of our clients. While ransomware evolves and hackers devise new tricks to avoid standard anti-virus programs and firewalls, our 800 staff members located across North America work day and night to deploy new protections and devise new strategies for IT success. If you want a trusted partner to worry about your technology so you don’t have to, contact CMIT Solutions today.