Think a Cyberattack Will Never Happen at Your School? Think Again, and Plan Accordingly.

Sep 03 2019

Imagine that it is the first day of school, and you go to log-in to your computer. You are denied access to the system. You get up from your desk to see if your colleague is having the same issue. Before you can say a word, your colleague says "No one can get on the network! IT says we have been attacked with ransomware."

As hard as that scenario might be for you to believe, situations like it have been occurring more frequently across the country. School districts are now a more common target of cybercriminals.

Why Would Schools be a Target?
School districts maintain troves of private data. That maintenance of data, coupled with potentially scarce resources to fend off intruders, makes school districts a more common target of cyberattacks. Recent attacks have occurred from New York to Louisiana, and places in between.

When attacks occur, cybercriminals have either harvested data to sell to identity thieves or used ransomware. Ransomware shuts down access to the target's network, until payment is received by the cybercriminal.

Key First Step
A key first step in addressing the threat of a cyberattack is both simple and challenging: Acknowledge that cybercriminals may target your school district. Without that key first step, school districts run the risk of overlooking the practical steps that may be taken to mitigate risks associated with a cyberattack.

Typical Source of the Problem
Cyberattacks come in many forms. However, one common origin for such attacks is through one unsuspecting person clicking on a link in a deceptive email.

Remember the enormous data breach that impacted 41 million Target customers?  That attack started with a deceptive email sent to one of Target's heating and cooling vendors. It was not even one of Target's employees that was fooled into clicking a nefarious link. It was an employee at one of Target's vendors. Nonetheless, the cybercriminals used that deceptive email as their entry point.

Steps to Prepare for the Attacks
The takeaway here is that everyone needs to be aware that cybercriminals may be targeting them, and vigilant about not falling for the latest schemes.

School districts can mitigate their risks associated with cyberattacks by confirming they have adequate cyber insurance coverage and making efforts to educate all users of their networks about best practices associated with technology usage.

von Briesen & Roper Legal Update is a periodic publication of von Briesen & Roper, s.c. It is intended for general information purposes for the community and highlights recent changes and developments in the legal area. This publication does not constitute legal advice, and the reader should consult legal counsel to determine how this information applies to any specific situation.