How K–12 School Districts Can Best Prepare for Ransomware Recovery

As the value of student data goes up, a ransomware attack becomes more likely for K–12 school districts, which means IT teams need to be prepared when it comes time to rebuild.

No matter how many layers of security school districts put in place to stop ransomware, it’s inevitable that, at some point, an endpoint will be infected. Since January 2016, there have been 355 cybersecurity-related incidents against K–12 schools, including ransomware attacks, according to the K–12 Cybersecurity Resource Center

In 2016, 60 percent of K–12 schools hit with ransomware decided to pay attackers in order to get back control of their data, according to analysis from the Department of Education. In response, the Education Department has responded with a number of resources to encourage better cybersecurity practices. 

Most recently, the Education Department announced it would strip any K–12 school district or higher education institution of Title IV funding if it did not adhere to “reasonable methods” to protect student data.

But accidents happen, and data can be left vulnerable. Staff should prepare for this possibility by planning and testing recovery strategies well in advance.

Invest in Backups to Help Recover After an Attack

If unique, hard-to-replace data files are stored on an endpoint, users should back up those files regularly. That’s a recommended practice even outside the threat of ransomware. 

Creating a backup plan can be complicated, especially when dealing with large quantities of data. 

However, by investing in proper planning, districts can ensure that if ransomware encrypts an endpoint’s files, there will be no need to potentially pay a ransom to recover the files. Instead, schools can simply restore the data from the last backup. 

Create Avenues for Quick Endpoint Recovery

School districts also should be able to quickly rebuild ransomware-infected endpoints, which would wipe out the ransomware and return the endpoint to a clean state. 

As with backups, school districts should already have the ability to rapidly rebuild endpoints and ensure they’re properly secured, because the same actions are needed for many malware-infected endpoints.

When creating a recovery system, it is important to have recovery time objectives and recovery point objectives in mind, according to Unitrends.

Your RTO is the most amount of time a district can afford to be without access to its data or systems, while RPO refers to the most amount of data a district can afford to lose. By setting up recovery solutions built with RPO and RTO in mind, IT teams can ensure the damage sustained from a ransomware attack will be minimal.

Disaster Recovery as a Service Can Help Ease the Burden

For K–12 IT teams in some districts, picking up the pieces after a ransomware attack can be a heavy load — and, with limited resources, may take longer than administrators would like.

To help districts, some companies offer Disaster Recovery as a Service as part of their platforms. Microsoft, for example, has DRaaS services incorporated into its Azure cloud platform.

To learn more about data protection, readTechnologies Schools Must Have to Stop Ransomware.”

djedzura/Getty Images
Aug 20 2018