What does your school need to do to be ransomware ready?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in electronic communication (email).

The term ‘phishing’ is ultimately a spin on the word fishing, mainly because criminals are dangling a fake ‘lure’ (the email communication that looks legitimate, as well as the website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.

In a world where cyber-crime is rife and only ever increasing, keeping ahead of the curve and protecting your staff and the devices which they use to carry out their work is a crucial aspect for any business.

History of Ransomware

In the past, putting an infected memory stick into your laptop or downloading a dodgy file from a website could cripple your device, or worse, spread to other devices and negatively impact your organisation’s network. These sorts of attacks were designed to disrupt your ability to work by deleting, encrypting or preventing you from accessing your data. More recently, however, attacks are not necessarily intended to wreak havoc, but instead to silently infiltrate your company and extract any information which may be deemed valuable or sensitive to your mission. The latter predominantly relies on us… humans!

Social engineering has been one of the most effective and damaging forms of attack yet. And the worst part is that it is very simple. Social engineering exploits rely on a member of staff (or multiple members of staff) not being fully aware of the security of the devices or services which they use. To the untrained eye nothing looks wrong, so they can simply hand over the information an attacker needs to access the platforms from which they can dig further into your business, contacts and data.

Social engineering comes in many forms; however, the most common is the phishing email. These emails can appear to come from a single user who the member of staff knows, from a company that the member of staff deals with, or from an internal colleague who the member of staff works with on occasion… except, it’s not actually them! Unfortunately, email has a very simple weakness which, if not managed properly, can allow anybody, no matter who they are, to impersonate (or spoof) another person. Again, without knowing where to look, you may have no idea that the person whose email you just received, opened and actioned is not actually them.

At Wand Education, we take the threat of scam emails very seriously and have a few parameters and rules in place to help safeguard our own private information, as well as offering resolute and expert advice to our own customers.

What to look out for

99% of hackers target computers via spam emails that have hidden code and carry a virus that can encrypt and lock your computer if opened. The idea is to stay vigilant and get all staff to understand the key threats – our 5-step guide is as follows:

  1. If you’re not expecting an email and don’t know the sender, be extremely wary and don’t double click any attachments if you don’t need to
  2. If something that’s supposed to be “official” (an email or web page) has grammatical errors or seems in any way not quite professional, don’t touch it
  3. If the sender’s email domain doesn’t look quite right (the domain isn’t one you know – such as academiastuff.com – or if it has Latin letters replaced with similar-looking Cyrillic or other characters – such as academia), don’t trust it
  4. If in doubt, check with the sender – nobody is going to be annoyed with you double-checking the origin of an email
  5. Wherever possible, utilise systems that don’t store files locally (e.g. Office365/OneDrive/SharePoint online only)
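The check in step 3 can be automated at the mail gateway or in a reporting script. The sketch below is an added example, not part of Wand Education's own tooling: the `KNOWN_DOMAINS` list, the `academia.example` domain and the small look-alike letter table are assumptions made for illustration.

```python
import unicodedata

# Assumption: domains your school genuinely corresponds with (constructed list).
KNOWN_DOMAINS = {"academia.example"}

# Partial, hand-picked map of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0501": "d",
})

def to_unicode(domain):
    """Decode the xn-- (punycode) form that mail headers often carry."""
    if "xn--" not in domain:
        return domain
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # malformed encoding: keep the raw text for review

def scripts_in(label):
    """Return the alphabets (LATIN, CYRILLIC, ...) used in one domain label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify(sender):
    """Return 'known', 'lookalike', 'mixed-script' or 'unknown'."""
    # Simplified address handling: everything after the last '@'.
    domain = sender.rsplit("@", 1)[-1].strip(" >\t\r\n").lower()
    domain = to_unicode(domain)
    if domain in KNOWN_DOMAINS:
        return "known"
    # Swapped-in letters collapse back onto a domain we trust.
    if domain.translate(CONFUSABLES) in KNOWN_DOMAINS:
        return "lookalike"
    # Two alphabets inside one label is rarely legitimate.
    if any(len(scripts_in(label)) > 1 for label in domain.split(".")):
        return "mixed-script"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample senders; \u0430 is the Cyrillic letter that looks like "a".
    for sender in ["office@academia.example",
                   "office@\u0430cademia.example",
                   "billing@academiastuff.com"]:
        print(ascii(sender), "->", classify(sender))
```

A result of `lookalike` or `mixed-script` is a strong reason to quarantine the message; `unknown` simply means step 4 applies and the sender should be checked another way.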

Ultimately, ‘phishers’ cannot get to files that you only access via a browser to encrypt them. Therefore, in the worst case, if you do become infected, you just wipe your machine and don’t lose any data.

It is essential that all your systems have the latest security patches installed and that backups are regularly taken. Consult your head of IT or your service operator if in doubt.

Wand Education  

Wand Education take the security of your personal information seriously. We must make a proper assessment of risk and apply safeguards to ameliorate those risks. In order to assess the risk to Subscribers and Users, the controller and processor must consider the nature, scope, context and purposes of the processing and the potential risks from processing.

We have taken appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. These steps take into account the sensitivity of the information we collect, process and store.

For more information about our policies, visit our terms and conditions here

To learn more about the Wand platform and start your free trial today, visit us here