Catching Phish in School
The answer to the problem of phishing and ransomware in the Education sector is more education.
Despite pretty widespread global press on the subject, the exponential rise in phishing and ransomware related scams and the success that the scammers seem to continue to enjoy is mind boggling. Technical countermeasures are by no means foolproof, schools and universities large and small are caught out all the time and yet often still seem to believe that it will never happen to them or that they are not a target.
Education is one of the most effective and best value defences that can be deployed in the eternal battle against phishing scams.
In the education sector in general there has been a reluctance to take the issue seriously with many believing that they are not really a target. In fact very recently there have been several high profile and many other lesser known educational institutions who have been successfully breached and had their data released onto the dark web after failing to pay the ransom. These schools did not get a lot of press for this nor did many of them speak openly about it for fear of bad PR.
I would argue that the more organisations speak up and are open about such breaches the better, it will lead to a broader awareness and hopefully less stigma and shame. It is not necessarily their fault that they were breached, it happens to more schools than ever gets reported.
A small sample of what is available if you know where to look
University of California
Many other high schools
These are not isolated examples and the problem is only getting worse especially for schools which face several unique problems which most companies do not. Namely that they have a huge transient population, mostly carrying their own devices on the school network, in most cases the students carry multiple connected devices. This makes network design for security much more challenging especially as most of the devices on the network are not managed by the school itself and can potentially contain all sorts of unknown threats.
Education as a sector must focus on the education staff and students alike on the real threats which face them in today’s 24/7 online world. These threats are not going away.
If you are interested in training for your staff please drop us a line here and speak with us about how we can help.