The LA Unified School District experienced a debilitating ransomware attack over the weekend, and several advisories have been released this week that have reported similar events targeting the education sector. Our Information Security Team and various other Division of IT Teams are actively monitoring the situation and staying up to date with the recommended compensating controls by the cybersecurity community. As details evolve, we wanted to share some helpful tips:

• Be cautious of unexpected emails and emails from unknown senders. If an email seems suspicious verify its legitimacy with the sender or with ITSS before providing information or clicking on any links. Phishing is the primary method for ransomware attacks. More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml
• Store files in a secure location. Box is the approved cloud-based content storage and collaboration service for university staff and faculty. More information about Box can be found at https://support.csuchico.edu/TDClient/1984/Portal/KB/?CategoryID=2877
• Make sure your computer has system updates installed. Campus-managed computers have system updates installed automatically.
• If not already used, consider enabling multi-factor authentication for personal accounts used for finance, email, and social media services. Popular options include text message verification, Face ID, or Google Authenticator.  

NPR’s reporting on the incident can be found at https://www.npr.org/2022/09/07/1121422336/a-cyberattack-hits-the-los-angeles-school-district-raising-alarm-across-the-coun