How to Protect Student Data from Ransomware: 4 New Year’s Cybersecurity Resolutions for Schools


Schools are a big ransomware target these days. This week, Palo Alto Networks posted that the ransomware gang Vice Society launched ransomware attacks on more than 40 educational organizations—including 15 in the U.S.—in 2022. This week we also saw a TechTarget article stating that the education sector remained a popular target—particularly by Hive, a ransomware-as-a-service group.

In September, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that cyberattacks against schools may increase. CISA intelligence officials warned that K-12 schools may be “particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”  

The alert lists what schools should do to prepare for an attack: document all external remote connections, require all accounts to comply with established password requirements, and implement a recovery plan. While those are the basics, if you’re an IT pro responsible for your school or district’s data protection, there’s much more you can do.

But schools are continually dealing with limited budgets that force difficult choices. Students must always come first, but administrators and IT leaders still need to sit down and discuss the risks they face and the potential costs of an attack. And those costs can be high, with one study finding that ransomware attacks on U.S. schools and colleges cost $3.56 billion in 2021. Hopefully, that will motivate school leaders to cull more budget dollars for IT investments.

With that in mind, here are some crucial school-related New Year’s resolutions that are worth considering if you want to have a more peaceful, ransomware-free 2023.

1. Work With a Trusted Partner

When you work with an Arcserve technology partner, you gain access to local, regional, and even global expertise surrounding best practices for your infrastructure, cyber defenses, data protection, and data resilience efforts.

Our technology partners include managed service providers (MSPs), resellers, and IT consulting firms whose only goal is to help their customers—like you—choose and deploy the right solutions for your school, regardless of the size of your student population, school, or district. And they can provide ongoing, cost-effective support to ensure your school’s data is always safeguarded.

Regardless of whether you get outside help, let’s look at the other essential data protection practices you need to address.

2. Update Your Disaster Recovery Plan

Preparation is your best defense against a data disaster. If you don’t have a plan, do it now. If you do, year-end is the perfect time to pull it out and ensure it’s up to date. You’ll find a step-by-step checklist for IT disaster recovery planning in this post and a deeper dive into the ten things you need to include in your business continuity plan checklist here.

Arcserve technology partners bring extensive experience that can help you put a plan in place so you can be confident that if disaster strikes, you can recover quickly. Once you have your plan updated, test it regularly. You’ll sleep better at night knowing you're ready for anything.

3. Tighten Your Cyber Defenses

You also need to shore up your cyber defenses—firewalls, antivirus and anti-malware software, and endpoint protections—with technologies that fit your budget. Again, Arcserve partners understand that everyone works within a budget, and they are adept at helping you choose cost-effective technologies and solutions that protect your data.

4. Teach Your Staff and Students About Cyber Safety

An astounding 82 percent of data breaches involved the human element—including social attacks, errors, and misuse—according to the Verizon 2022 Data Breach Investigations Report. That’s why you need to train everyone—students, staff, and teachers—about good cyber hygiene practices and how they protect everyone’s information. Check out this post for a list of five valuable internal training trips we put together for fighting ransomware.

5. Add Immutable Backups

No matter how simple or complex your IT infrastructure is, immutable backups should be at the top of your technology checklist. Immutable backups are saved in a write-once-read-many-times format that can’t be altered or deleted. Even if ransomware takes down your systems and locks up your data, you can count on your immutable backups for certain recovery.

Make a Resolution for a More Cybersecure 2023

Whether you work with an Arcserve technology partner or have the internal expertise to get it done, make 2023 the year you deploy the cybersecurity, disaster recovery, and data resilience capabilities that will keep your school or district from becoming another statistic.

To learn more about Arcserve data protection and resilience solutions, check out our on-demand demos and free trial offers.