Cybersecurity Attacks in St. Louis: Updates and How You Can Respond


By Principal Farica Chang

On Tuesday, February 20, 2024, the St. Louis area learned that local Francis Howell School District was temporarily shifting to remote learning in an effort to diagnose and secure its networks after noticing “suspicious” activity.

By Thursday, February 22, the district was able to confirm they were the victim of a cyberattack “wherein malware was used to encrypt certain systems,” according to a letter to parents from Superintendent Kenneth Roumpos. The district’s IT staff, as well as an outside agency, were able to confirm the attack had not impacted security features of the buildings, so the district resumed in-person learning that day, but without internet in the school buildings.

At the time of this posting, if investigation conclusions have been reached, they have not yet been made public. It is still not clear what information or systems may have been locked, accessed, or stolen by the cybercriminals responsible for the attack.

Unfortunately, cyberattacks on schools (as well as just about everywhere else) are only increasing in frequency and severity, and the specific attack vectors are often never disclosed publicly despite the rampant rise in the number of incidents. When a virtual target exists on every entity’s back, criminals often focus on organizations that may have gaps in cybersecurity, aiming to cause the most disruption and ideally collect payment, either from a ransomware fee or from selling stolen data.

It appears Francis Howell School District does not intend to make payments to any entity, as they reportedly contacted the FBI and followed their disaster plans. The quick response of the district aligns with what cybersecurity experts recommend in such a situation.

What Can You Do to Protect Yourself and Your Business?

Treat any news of a cyberattack, either local or national, as a reminder of the potential risk involved should a similar attack happen to you.

Start by assessing:

  • Are my backups active, functional, and tested, or will operations be dead in the water if systems are locked?
  • Am I utilizing enterprise-grade endpoint protection, network firewalls, email security, and data loss prevention, or am I leaving the door open for criminals?
  • Does my organization maintain a strict password policy or are users reusing “password123” across multiple accounts?
  • Does my organization require multi-factor authentication (MFA), or will a compromised password unlock the gates?
  • Is access to business-critical systems limited to the minimum access necessary, or would one vulnerable account grant access to everything?
  • Am I confident in my team’s discretion in replying to emails, clicking links, and approaching the internet with caution, or is it time for enhanced email hardening and cybersecurity education?

Answers to the questions above can lead to the next steps to take. If an overhaul of your cybersecurity doesn’t make sense today, even a small step in the right direction can make your organization harder to target and exploit.

If the above questions are well under control, the next best step would be to explore your organization’s disaster response and recovery plans. The covered scenarios should include cyberattacks. While we don’t yet know the details around the Francis Howell School District incident, their swift response to ensure safety may have prevented further damage.

 

Ready to take action towards ensuring that your cybersecurity profile is more robust? Perhaps you want to schedule an educational session so your users know the latest threats to watch out for. Whatever your next steps are, Anderson Technologies can help.