Over 50% of Higher Education Hit with Ransomware
How do Schools Protect Themselves?
First, to improve, districts likely will need to increase cyber budgets. The spending should go toward training users on security principles and social engineering tactics. Other recommendations include:
- Use multi-factor authentication on systems including email, remote access, and all privileged accounts.
- Deploy modern security tools (like next generation antivirus and EDR tools) on devices to continuously look for and mitigate threats.
- Update or patch all systems to protect against all known vulnerabilities and change passwords across networks so previously stolen credentials are useless to malicious actors.
- Back up data and keep air-gapped or offline backups beyond the reach of hackers.
- Test incident response plans so organizations are prepared to respond quickly to minimize the impact of any attack.
- Encrypt the data so it cannot be used if it is stolen.
- Educate employees about common tactics attackers use over email or through websites, and encourage users to report unusual behavior on their computers or phones, such as unusual crashes or very slow operation.
Oakland Declares State of Emergency After Ransomware Attack
Prevent Ransomware with these Best Practices:
- Close all RDP ports if not in use. Otherwise, place all RDP services behind a VPN and protect them using 2FA.
- Protect all accounts (including email) and remote access points with 2FA.
- Keep all software up-to-date and implement a patch management program.
- Train employees to recognize phishing emails and how to report them to IT.
- Implement geo-IP filtering to block web traffic from entire countries.
- For cloud backups, use separate, dedicated credentials for access and consider any immutable storage options.
- Segment networks to build internal barriers to prevent ransomware from spreading.
- Apply the “least privilege” principle to all user accounts.
- Back up data regularly using the 3-2-1 backup rule.
Clients have access to a complete guide to ransomware protection.
Iowa Passes a Consumer Privacy Law
Who does it apply to?
Covered businesses are those entities that control or process personal data on 100,000 Iowa consumers or derive 50% of their revenue from selling the data of more than 25,000 Iowa consumers.
What rights are defined in the statute?
The statute creates the following consumer rights:
- To confirm that covered businesses are processing the consumer’s personal data and access that personal data.
- To delete personal data provided by the consumer.
- To get a copy of the consumer’s personal data with certain limitations.
- To opt out of the sale of personal data or targeted advertising.
Covered businesses must adopt reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data. Additionally, under the statute, businesses must protect sensitive data, including racial information, biometric data, and even geolocation, by not processing the data without clear notice to the consumer and an opportunity to opt out of the processing.
The statute does not include a private right of action, and the attorney general of the state has exclusive authority to enforce the law.