What Are You Doing To Protect Your Entity From Cybercrime?
Cyber-attacks and data breaches do not discriminate and it only takes one wrong click to exploit a vulnerability in your system. Unfortunately, due to the amount of sensitive information housed in the databases of educational institutions, schools have a greater obligation to ensure their networks are protected at all costs. In addition to cyberattacks that could render your network virtually useless, bad actors – those leading the attack – could gain access to and make off with critical data. And while data theft is bad enough, failure to secure student data in accordance with the Family Educational Rights and Privacy Act (FERPA) can result in dire consequences to your school and your district.
Is Your District’s Data Safe?
As an educational institution, the community you serve has an expectation that school officials are not only in the business of education but of maintaining the safety of the children they serve. Parents trust that their students are safe in the classroom and, thanks to increased technology usage, that their data is secure and protected from those who intend to do harm. In short – safety in our schools is now assumed to go far beyond physical and mental wellbeing. Today, digital safety is a very real expectation and the public is now asking what their schools are doing to maintain the safety and security of all the data in their possession.
With the rise of online education – particularly resulting from impact COVID-19 has had on education– Windows PCs are competing with Google Chromebooks to become the go-to device the classroom. According to a January 2021 announcement, Microsoft stated that, “more than 200 million students, faculty, institutional leaders, and teachers are actively using Microsoft Education products.” Moreover, since September 2020, the number of students using Microsoft Teams has reportedly increased by 30 million and the total number of students using the platform has risen to 100 million.
Microsoft has certainly made gains among the education community. Unfortunately, this is why the latest Window’s security vulnerability, Print Nightmare, is so terrifying. Even so, there are valuable lessons to be learned from Print Nightmare. Notably, the security vulnerability demonstrates the importance of conducting a cybersecurity risk assessment in your district to determine where your vulnerabilities lie – a crucial first step to determine the best way to implement a district-wide cybersecurity and data protection strategy.
A Closer Look At Print Nightmare The Threat
Print Nightmare allowed attackers to access the print spooler of targeted Windows workstations or servers, which gave them the ability to run malicious code disguised as a print driver. Knowing their victims would be unlikely to question the legitimacy of a print driver update, all the hacker had to do was wait for the fictitious print driver to be updated and installed. Once installed, the hacker gained the all-access pass they were looking for and could secure the credentials necessary to run wild on the organization’s network – gaining access to critical servers and data.
The Problem Facing Schools
As you can imagine, Print Nightmare has done significant damage to Microsoft’s reputation in the marketplace. But the fallout doesn’t stop there. Individual organizations affected by this exploit are also facing repercussions. As government-funded entities, schools are held to higher standards and when the public’s confidence is shaken, it can be difficult to regain their trust. And then there’s FERPA and the Protection of Pupil Rights Amendment (PPRA) to contend with, which if non-compliance is found, could result in your institution no longer being eligible for U.S. Department of Education funds.
“While the Family Educational Rights and Privacy Act of 1974 (FERPA) does not require educational institutions to adopt specific security controls, security threats can pose a significant risk for student privacy,” states the U.S. Department of Education on its security webpage. “Educational institutions should take appropriate steps to safeguard student records. Breaches of educational data are common and can lead to a violation of FERPA, as well as to a host of negative consequences for students such as identity theft, fraud, and extortion.”
The Fix
Albeit not ideal, there are two actions you can take now to protect your machine and network from Print Nightmare. The first action you can take is to turn off the device’s print spooler.
The downside here is that the user will no longer be able to print from the device. The second action you can take is to turn off incoming remote client connections to the print spooler on all devices. This specific solution will effectively add another layer of protection for your network, but it will not stop the attack from occurring on the local machine. Furthermore, this method can’t be implemented on networks where a print server is being used as it will block printing to network printers except by IP address. Only printers that have been added locally to the machine by IP address will continue to function. As you can see, both of these solutions are less than ideal.
The good news, however, Microsoft released a steady stream of updates to target and, ultimately, protect Windows devices from the Print Nightmare vulnerability. It is vital that you deploy all updates immediately to keep your devices safe if you have not already.
We Are At War
Threats of cyber-attacks and data breaches are unlikely to go away, and it’s targeting all devices – not just Windows. This means your entity must take proactive measures to win the war for complete control and protection of your data and network security. The first step is to partner with a team that’s not only knowledgeable about the specific challenges your organization faces but that can provide insight into your unique network vulnerabilities. A comprehensive risk assessment should be performed and gaps in your cybersecurity infrastructure should be closed immediately. Finally, work with your cyber team to develop a strategy that constantly monitors your network for vulnerabilities and immediate threats while accounts for regular updates of your security controls.
Cyber Threats In America’s Schools Continue To Rise
Since 2016, the K-12 Cybersecurity Resource Center has tracked 1,180 cyber incidents within the nation’s K-12 public schools. These incidents include, but are not limited to:
- Unauthorized disclosures, breaches, or hacks resulting in the disclosure of personal data
- Ransomware attacks
- Phishing attacks resulting in the disclosure of personal data
- Denial-of-service attacks
Additionally, in 2020, the education sector accounted for more than 60 percent of all reported cyber- attacks in the United States. In other words, the cyber threat is very real and it’s past time for district administrators to make cybersecurity a priority – particularly now that there is an increased need to secure remote environments and protect personal student and employee data in compliance with data privacy laws while accommodating the growing demand for remote education. Fortunately, protecting your data doesn’t have to wipe out your district’s coffers. For example, according to a recent article published by OASBO, “funding can be approved for cybersecurity technologies and user awareness training.”
Need Guidance? We Can Help
Rea & Associates’ cyber team performs data-first, security-focused risk assessments designed to reinforce data integrity all levels while ensuring organizational compliance and maximum protection. The team can also help you secure the funding you need to secure maximum protection of your district’s network. If you would like to learn more about Print Nightmare or the steps you can take to secure your educational institution as a whole, contact our cybersecurity experts at Rea & Associates.
For additional insight, check out our website at www.reacpa.com/cybersecurity.
By Travis Strong, CISA (Wooster, OH)