Sep 03 2019

A growing epidemic of local news reports across the country are validating recent forecasts that attacks on school networks are on the rise, at both K-12 schools and universities. Many of the most recent cyberattacks have used ransomware like the Ryuk virus to shut down school networks and demand payment from administrators. In some cases, schools have been knocked offline for months, while others have paid ransoms substantially exceeding the annual IT budget.

The sudden rise in cyberattacks against schools is likely driven by at least two recent factors. First, increasing emphasis on locking down corporate networks has led cybercriminals to look for softer targets. Second, the recent rise in the value of bitcoin pricing may be leading cybercriminals to look for quick bitcoin windfalls from desperate victims. It’s not yet clear whether cybercriminals are targeting data, as they obviously are when attacking other soft targets like healthcare providers to steal medical and financial information. But crippling a school network to collect an untraceable ransom is still a juicy target. So how do you keep the attackers at bay?

Key Areas of Education Vulnerability

The following vulnerabilities are among the most likely avenues of attack against your school network:

  • Phishing emails are by far the most common origination point for cyber attacks against schools, using a normal looking email to entice users to click on a link that installs malware or tricks the user into exposing a username and password. One common tactic is to create an email that looks like it’s coming from the Superintendent to make the email look more urgent and legitimate.
  • Ransomware attacks may come in the form of a phishing email, or with more recent varieties, they may come in the form of “pharming” attacks, where a virus effectively redirects your web traffic to a fake web page to trick you into clicking on a malicious link. In some cases, attackers will monitor web traffic to see which sites your staff likes to spend time on, create malicious pages that look just like them, and then execute the code that redirects your unwitting users to sites that look real, but will infect your user’s machine and expose your network.
  • A growing number of endpoints and IoT devices, from network printers to student’s smartwatches, can expose a poorly secured network to wifi-based attacks.
  • Windows 7 end of life, coming in January 2020, will expose many school networks to cyber attacks because those machines will no longer receive security upgrades and patches.

Eliminating Vulnerabilities through Better Device Procurement and Management

With all the growing complexities of networked education systems, with computers, printers, laptops, security cameras, IoT devices and an amazing array of mobile devices all demanding access, it’s becoming untenable to keep everything secured under normal district IT resources. IT workers are often already overwhelmed with trouble tickets keeping systems online, which makes keeping up with the latest surge of malware and cyber attacks nearly impossible, as all the news accounts clearly demonstrate.

But changing the way your computers are procured and managed, to ensure that every machine has the latest security updates and is continuously monitored, is one of the fastest and most effective changes you can make to improve your security stance. Device as a Service (Daas), is one way to accomplish that change.

For most K12 and HigherEd schools, endpoints like laptops, PCs and workstations are purchased as standalone devices, each with their own operating system and applications, and each with their own lifecycle from purchase to retirement. Each endpoint must, therefore, be treated individually, with IT support for keeping applications running, updating security patches, and managing end-of-life and replacement with a new machine. Not only do you have the cost for each device, but the overhead of constant IT support and management.

How DaaS Changes the Education Computing Equation

DaaS changes the computing equation by providing a network of devices on a lease basis, with bundled IT support to ensure every device is running properly with up-to-date applications and security. One of the primary attractions of DaaS in education is the ability to restructure the cost of computing. Instead of a capital expense where you pay upfront for the entire cost of the device and manage it yourself, DaaS offers a fixed monthly fee where you pay as you go for the devices you need and offload support, security and lifecycle management to an accountable provider.

But the impact of DaaS goes far beyond improving the cost structure of computing. With DaaS, any time a machine goes out of date or needs replacement, that device is immediately removed from the network and replaced with an updated device. With tracking and management software to monitor device compliance, this is rarely a surprise, and we can plan replacements to avoid any workplace disruptions.

While that may not sound like a significant security measure, it’s quite substantial. The vast majority of security vulnerabilities come down to insecure endpoints and out-of-date software, which most IT organizations are too overwhelmed to manage. Simply ensuring that all endpoints are updated and secure will vastly improve the security posture for most schools, protecting against the types of vulnerabilities that are most pressing today.

DaaS from Red8

Red8 is dedicated to helping education customers harden their networks against cyberattacks. To address the most vulnerable part of the network, endpoints, Red8 now offers DaaS to more effectively manage and support endpoints with advanced enterprise security and monitoring. Red8 is proud to partner with HP to incorporate purpose-built education devices, from rugged laptops to 3D printers, into our lineup of endpoints for K12 and HigherEd schools. If you’d like to learn how we can help you achieve your own security objectives, connect with us on LinkedIn, or reach out directly to our team for a consultation at [email protected].