More than 284 schools were hit by successful ransomware attacks between January 1 and April 18 of this year. That was before schools shut down across the country due to COVID-19. Responding to this crisis has forced schools to embrace distance learning, and it is quickly becoming the norm for educating our children during the pandemic.
As a recent article in Dark Reading starkly points out, distance learning makes schools more vulnerable to ransomware, giving schools one more thing to worry about. Attackers understand that educational institutions can’t fall back to in-person teaching. That puts intense pressure on schools to pay the ransom to regain access to their data if attacked. What’s worse, school district IT staff are most likely already overloaded just supporting their existing systems without the added burden of distance learning. That means they are probably not monitoring their networks as closely as they typically would.
With so many moving parts and constant change, how can schools protect their data and their students’ privacy from ransomware? Here’s our checklist:
1. Plan Ahead
No matter what technology solution you may have or choose for backup and disaster recovery (BDR), preparation is by far the most critical element for minimizing the impacts of an attack. So if you don’t already have one, create a backup and disaster recovery plan that ensures you can meet the challenges that come with ransomware attacks head-on.
2. Teach Everyone About Ransomware
Getting ransomware onto a school’s systems can be easily accomplished via social engineering attacks, like phishing. All it takes is for one person on the school’s network to click on a malicious email link or attachment. Hackers have gotten so sophisticated that it can be extremely hard to know if an email is legitimate.
How do you make sure your school doesn’t become a victim? Educate students, parents, teachers, and administrators to be suspicious of unsolicited emails asking for personal or district information. The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency also offers these training tips:
- Always verify the identity of any suspicious senders before clicking on any links or downloading attachments
- Never provide personal or district information without that verification
- If unsure if an email is legitimate contact the IT administrator
3. Assess Your Backup and Disaster Recovery Solution
While many schools have some form of backup for their data, with tight budgets and limited IT resources these critical systems may be outdated. Now is the time to assess your current BDR strategy, and make sure you have the technology in place that helps you recover quickly.
4. Take Frequent Backups
While every school should have a backup and disaster recovery plan in place, making sure that plan will work when it’s needed means backing up at least daily, but multiple times a day is even better. That way, if an attack is successful you can easily go back in time and restore your data, just as it was before the attack.
5. Backup Locally and Offsite
If your primary onsite data repository is compromised you could be out of luck. That is unless you’ve followed best practices and have diligently backed up your data offsite, too. With a second copy of your data securely stored separately, you can still recover, even if your primary backup is compromised. If budget permits, combining local, offsite, and cloud-based backups are your best insurance against attacks, ensuring you can always recover, no matter what, and that you’ll never run out of backup space.
6. Continuous Data Protection is Best
A converged data protection and storage solution that takes frequent immutable snapshots—backup copies of your data that can’t be altered or deleted—ensures continuous data protection. StorageCraft® OneXafe® offers this valuable feature. OneXafe also deduplicates and compresses your data, reducing your storage requirements and costs.
7. Scalability is Important
With so much more data being generated offsite thanks to distance learning, the ability to quickly scale to meet increased storage demands is also critical. Solutions like OneXafe that use a scale-out strategy are likely your best bet for solving this problem. Scale-out storage lets you add capacity as your needs grow so your budget doesn’t take a big hit all at once, and it also makes scaling a snap because you can seamlessly add drives as needed.
8. Remediation Must Be Easy
If a ransomware attack succeeds, it’s critical to get your school back online as fast as possible. So choose a converged data platform like OneXafe that lets you recover instantly with a single click.