School Is Back in Session: Is Your School’s Data Safe?

The K-12 cyber incident map put out by the K-12 Cybersecurity Resource Center should make every IT pro that is responsible for his or her school’s data protection take pause. Schools in every state suffered attacks. Here’s a statistic that is even more frightening: As of this writing Microsoft Security Intelligence’s global threat activity map says there were 89,916,978 devices with malware encounters in the last 30 days!

Scroll down the same Microsoft webpage a bit and you’ll see a bar chart with “most affected industries” from enterprise malware encounters, also in the last 30 days. If you’re an IT pro working in education, that very, very long bar at the top shows the scale of the problem. There were 5.6 million encounters in education, nearly 63 percent of all incidents. The next affected industry shown on the bar chart, business and professional services, faced a mere 856,000 incidents. That means education was hit eight times more frequently than business and professional services! So, the pop quiz of the day is, how do you protect your data now that school is back in session? Here are a couple of tips.

Teach Your Teachers About Cybersecurity

Verizon’s 2021 Data Breach Investigations Report concludes that 85 percent of breaches involved a human element. That means no matter what malware prevention and data protection technologies you put in place, one click on a malicious link or infected attachment and your school’s data could be locked up and held for ransom.

That’s why it’s worth creating a cybersecurity training course for teachers and other school employees. An online approach may be best so the training can fit into everyone’s schedule. The course should cover how attacks that compromise student data can cause long-term issues—like identity theft—and provide specific guidance in these topics:

• Ransomware
  Make sure your teachers and staff understand how ransomware works and recognize common attacks that target student data and other elements of school networks.
• Phishing
  Explain what phishing is, its impacts, and how to spot common educational phishing schemes. Training should also include instructions for specific steps that should be taken if someone receives a potential phishing scam and how to respond if someone falls victim to a successful phishing attack.
• Password safety
  Make sure everyone understands the importance of using strong passwords, changing passwords regularly, and making sure all devices used for teaching are password-protected.
• Wi-Fi
  Share processes for safely connecting remotely and explain why public and unsecured wi-fi networks risk exposing student data.
• Device updates
  Updates and patches are frequently released to help keep devices secure. Help your teachers and staff understand the importance of keeping the software on the devices they use up to date.

Like their students and everyone else, teachers will pay closer attention to the training if they know there will be a quiz at the end. Test your teachers regularly to make sure they understand data security policies and procedures.

Leverage Immutable Storage for Your Backups

When it comes to the human side of data protection all you can do is make sure everyone understands their role. But on the technology side, there are some vital steps you can take immediately to ensure that your school’s data is always protected and can always be restored. For example, StorageCraft, an Arcserve company, offers OneXafe, an efficient storage infrastructure for backup and archival data that takes immutable snapshots of your data. Immutable snapshots can’t be encrypted or deleted by ransomware attacks. So, if you ever need your data, you can be certain it can be restored.

OneXafe gives your school a single infrastructure that integrates advanced features and backup capabilities that are simple to use. You also benefit from OneXafe’s encryption of your data at rest and disaster recovery with wide-area network (WAN) optimized replication. OneXafe can also reduce your storage costs with inline deduplication that can deliver up to 10x data reduction rates, depending on the type of data. And it offers a scale-out approach that helps you overcome budget constraints by letting you add storage only when you need it.

Get the Facts

With tight budgets and IT time constraints a little expert help can go a long way. A little expert help can go a long way. Consider talking to a StorageCraft data protection expert for ideas you can put in place to protect your data no matter what now that school is back in session.