The district servers and computer systems of Las Cruces Public Schools (LCPS) remain shut down following the discovery of ransomware on October 29. The attack impacted 49 public schools, including elementary and high schools, and affected about 25,000 students and 3,000 employees.
Here are the three biggest takeaways from this cybersecurity incident.
#1. Schools are top targets for cybercriminals
The LCPS attack is not unprecedented. In fact, it follows a similar one that paralyzed the Gadsden school district email systems last June.
According to a site that monitors cyberattacks on US public schools, 725 schools have suffered a cyberattack since 2016 — proof that the educational sector is a top target for cybercriminals.
Monetary gain remains the primary motivation behind these attacks. Cybercriminals can steal confidential data and sell them for a fortune on the black market, or they can hold computer systems captive and demand ransom. One school alone is an information treasure trove for its identity and payment records, and a school district, even more so.
#2. Prevention is better than mitigation
While LCPS interim superintendent Karen Trujillo assured that data has not been compromised, it would have been much better if the attack had been prevented. As it happens, the attack affected the school district's systems, making the LCPS website inaccessible, the internet and Wi-Fi networks indefinitely unavailable, and affected devices unusable.
Dealing with the aftermath of a data breach can cause productivity loss as well as financial and reputational damage, so it’s best to prevent cyberattacks altogether. The National Cyber Awareness System (NCAS) strongly suggests consistently performing the following security best practices to lower the risks of falling prey to a cyberattack:
- Create strong passwords and employ multifactor authentication.
- Connect only to secure networks, especially when working remotely.
- Always update software to its most recent version, since updates often include security patches.
- Be wary of emails from unknown senders because they might be phishing emails designed to make you divulge login credentials. Also be cautious of links in emails, as they might be ridden with malware.
#3. Focus on preventing data loss
Cybercriminals are always looking to steal or infect your data. And in the event of a successful data breach, it's crucial to have backups so you don't lose critical data. Luckily, the LCPS had good backups that allowed them to restore necessary files and systems and resume business operations.
To guarantee that you don’t lose data, follow the 3-2-1 backup rule, which states that:
- There should be at least three copies of data.
- Two of these copies should be stored locally but on different devices or different storage media. For example, one copy is stored on your local drive and the other is saved on an external hard drive.
- One copy should be stored off-site, like in the cloud.
A comprehensive backup strategy ensures you don't ever have to pay ransom or lose any valuable data in case cybercriminals install ransomware in your machines.
Do not be a victim of ransomware and other cybercrimes. Kosh Solutions offers 24/7 cybersecurity protection that safeguards your school systems from imminent and fast-spreading threats. Secure every inch of your IT infrastructure. Get a security assessment today.
Like This Article?of our most popular posts