How Schools Can Win the War on Ransomware

MAY 4TH, 2022

The Cybersecurity Grants for Schools act of 2022 was introduced into Congress in March and is working through the legislative process. The Act would require the director of the Cybersecurity and Infrastructure Agency (CISA) to distribute federal funding to state and local schools to educate people about the cybersecurity landscape better. That’s a great start. But on its StopRansomware website, CISA also says that ransomware and other cyber threats against K-12 educational institutions continue to increase. Sophos State of Ransomware 2022 report puts a number on it, with 56 percent of its survey respondents from K-12, primary, and secondary schools reporting they were hit by ransomware last year.

With those odds, schools that haven’t already taken action to prevent and respond to ransomware attacks need to get going today. An excellent place to start is, once again, CISA’s StopRansomware site, where you’ll find a wealth of reference materials of value to school and school district IT and cybersecurity managers, system administrators, and other technical staff. These guides are an excellent first step in protecting your school’s data from ransomware and other cyber attacks. The site also offers reference materials for parents, teachers, school administrators, and students, so it’s worth visiting.

Backups Don’t Solve Everything

The Sophos study also found that 45 percent of those schools that did get hit by ransomware didn’t have backups and paid the ransom. But even those that paid the ransom only got a little over 60 percent of their data back. Losing 40 percent of your data is going to hurt any educational institution. The same study found that 76 percent of lower education organizations use backups. A recent Forbes article may explain the apparent discrepancy in these numbers, noting that most ransomware attacks now target backup systems when they encrypt your data to prevent you from recovering. So, some of those schools whose data was backed up may have had their backups encrypted.

With your backups rendered useless, your school could have no choice but to accept that your data is lost because every expert—and CISA—will tell you never to pay the ransom.

The 3-2-1-1 Backup Strategy: Immutability Saves the Day

Most IT pros are familiar with the 3-2-1 backup strategy. But, with ransomware now targeting backups, it’s no longer enough. We strongly recommend implementing the new 3-2-1-1 backup strategy because it’s your best defense against becoming a ransomware victim.

The basics are common sense. Keep three copies of your data, one primary and two backups. Store two copies locally in two formats, such as network-attached storage or tape. For schools, tape may be a good option for this purpose, given that it is both inexpensive and reliable. And store one copy offsite, with the cloud being one of your best options. But that last number, “1,” isn’t the loneliest in this case; it’s the most crucial because it says that one copy of your data should be stored in an immutable format.

When a backup of your data is saved to an immutable object store, it is in a write-once, read many times format. That means the file can’t be altered or deleted. So even if ransomware attackers get through all of your defenses—even to your backups—you can be confident that your data will be secure and available so you can recover.

Because immutable storage is only part of the equation, we recommend reading this post that explains the elements of a comprehensive ransomware protection strategy.

Teach Everyone About Cybersecurity

Because the human element is involved in 85 percent of data breaches, including ransomware attacks, it’s also essential to create a cybersecurity training course for teachers and provide them with classroom curricula they can share with their students. Here are some of the basics everyone needs to know:

  • Ransomware

Ensure your teachers and staff understand how ransomware works and recognize common attacks that target student data and other elements of school networks.

  • Phishing

Explain phishing, its impacts, and how to spot typical educational phishing schemes. Training should also include instructions for specific steps to be taken if someone receives a potential phishing scam and how to respond if someone falls victim to a successful phishing attack.

  • Password safety

Make sure everyone understands the importance of using strong passwords, changing passwords regularly, and making certain devices used for teaching are password-protected.

  • Wi-Fi

Share processes for safely connecting remotely and explain why public and unsecured wi-fi networks risk exposing student data.

  • Device updates

Updates and patches are frequently released to help keep devices secure. Help your teachers and staff understand the importance of maintaining the software on their devices up to date.

Like their students and everyone else, teachers will pay closer attention to the training if they know there will be a quiz at the end. Test your teachers regularly to make sure they understand data security policies and procedures.

Get Help Getting the Right Answers

With tight budgets and constant change, choosing the right technologies and strategies to protect your school from ransomware isn’t easy. Get started by finding an expert Arcserve technology partner to help guide you along the way, or contact us to learn more about our data protection products for schools.