UNIVERSITY PARK, Pa. — During National Cybersecurity Awareness Month, Penn State’s Office of Information Security is urging the University community to protect their devices, data and Penn State Accounts against cyberattacks. These attacks include ransomware, a type of malware designed to block access to all or part of a computer system, including files and photos, until a sum of money or “ransom” is paid.
Recently, ransomware attacks have increased in both frequency and scope, including at some universities.
“Cybergangs have figured out that if they attack larger organizations, businesses, and universities they can get more money,” said Rich Sparrow, acting chief information security officer at Penn State. “So instead of attacking one computer they go through the network and try to ransom as many systems as possible with a single attack. In some cases, they may even go a step further and force their [the targets’] hands by leaking confidential or sensitive information to the press.”
These more elaborate ransomware attacks have already occurred in higher education institutions, and Sparrow warned that “there is a concern across all industries that compromises are going to become even more destructive because there is more money in it.”
Faculty and researchers who work with intellectual property — which includes creations of the mind such as inventions, research, literary and artistic works, symbols, names, images, designs and trade secrets — are encouraged to be particularly vigilant. However, it is also recommended that anyone who has personal intellectual property in digital form protect it.
Protecting intellectual property means preparing for ransomware attacks. This month the Office of Information Security outlined ways to protect your devices, your data and your Penn State Account. To mitigate the damage from a ransomware attack specifically, backing up data is one of the most important steps you can take. Sparrow also noted that verifying your data, using secure computers when accessing your research and making sure all devices you use for research are updated with the latest software are also particularly important. Accessing data through OneDrive and other Office 365 applications is a good idea too, he said, since they have built in protections and folder syncing.
Since ransomware and other cyberattacks can occur even after cybersecurity best practices are followed, it is also best to know what to do in case of a security incident. The incident reporting guidelines outline how to determine what steps to take when a security incident occurs, whether it involves a personal or University owned device, a Penn State network or server, confidential or sensitive information, a Penn State user or admin account or infection with malicious software.
For more information about cybersecurity, visit the Office of Information Security website.