The news of Lincoln College shuttering its doors after 157 years due in part to a crippling ransomware attack should serve as a cautionary tale of how an increase in this type of cybercrime has impacted colleges and universities across the country.
Data breaches caused by ransomware attacks have doubled in the last two years in the U.S., according to the Identity Theft Resource Center (ITRC). With the recent surge, ransomware attacks will become the “number one root cause of data compromises,” surpassing phishing scams, which have held the top spot for years, the ITRC reported.
Lincoln College is not the exception. Cybercriminals are targeting the education sector, where digital data is encrypted until the victim pays a ransom. In recent months, Centralia College has been affected by ransomware, leaving data temporarily inaccessible, and 5,000 U.S. school websites that use Finalsite were disrupted.
So how can you prevent a cyberattack?
Vito Rocco, the chief information security officer in the UNLV Office of Information Technology, provides some tips.
Think before you click. The most common method of ransomware infection is still tricking people. Be aware of threats like phishing that use social engineering techniques to instill a sense of urgency to perform an action. Do not click links or open file attachments unless you can verify they are safe.
Use good password practices. Follow UNLV’s password guidance to make long, strong passwords (or passphrases) and do not reuse passwords from site to site. When the racecar forum you post on gets hacked, do you want attackers to have your bank account password because it is the same? A password manager can also help you keep track of your passwords.
Enable two-step verification. Two-step verification adds an extra security layer that requires you to provide two or more verification factors to access your accounts. This could be a combination of your password and a code texted to your smartphone. Two-step verification is used for Workday and Google Workspace, and will soon be enabled on applications that use an ACE login. In the meantime, you can enable it on your personal accounts on sites that support it.
Keep your systems and applications updated. Those updates that you are prompted to install are often triggered by vulnerabilities that the software developer has found. By keeping things up to date, you make it harder for attackers to do their job by closing those potential points of compromise. If your UNLV-barcoded machine is managed by OIT, we will take care of most of the updates. You should also update your home computer, mobile devices, and applications.