Security

How K–12 School Districts Can Best Prepare for Ransomware Recovery

An attack becomes more likely for K–12 school districts as the value of student data goes up.

Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She provides cybersecurity publication consulting services to organizations and was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST).

No matter how many layers of security school districts put in place to stop ransomware, it’s inevitable that, at some point, an endpoint will be infected. Since January 2016, there have been 355 cybersecurity-related incidents against K–12 schools, including ransomware attacks, according to the K–12 Cybersecurity Resource Center.

In 2016, 60 percent of K–12 schools hit with ransomware decided to pay attackers in order to get back control of their data, according to analysis from the Department of Education. In response, the Education Department has responded with a number of resources to encourage better cybersecurity practices.

That's not the only funding at risk. Schools that don't protect student data may lose Title IV funding, the Education Department announced.

No matter what, data can be left vulnerable. Recovery strategies should be planned for and tested before a breach occurs.

Invest in Backups to Help Recover After an Attack

If unique, hard-to-replace data files are stored on an endpoint, users should back up those files regularly. That’s a recommended practice even outside the threat of ransomware.

Creating a backup plan can be complicated, especially when dealing with large quantities of data.

However, by investing in proper planning, districts can ensure that if ransomware encrypts an endpoint’s files, there will be no need to potentially pay a ransom to recover the files. Instead, schools can simply restore the data from the last backup.

Create Avenues for Quick Endpoint Recovery

School districts also should be able to quickly rebuild ransomware-infected endpoints, which would wipe out the ransomware and return the endpoint to a clean state.

As with backups, school districts should already have the ability to rapidly rebuild endpoints and ensure they’re properly secured, because the same actions are needed for many malware-infected endpoints.

When creating a recovery system, it is important to have recovery time objectives and recovery point objectives in mind, according to Unitrends.

Your RTO is the most amount of time a district can afford to be without access to its data or systems, while RPO refers to the most amount of data a district can afford to lose. By setting up recovery solutions built with RPO and RTO in mind, IT teams can ensure the damage sustained from a ransomware attack will be minimal.

Disaster Recovery as a Service Can Help Ease the Burden

For K–12 IT teams in some districts, picking up the pieces after a ransomware attack can be a heavy load — and, with limited resources, may take longer than administrators would like.

To help districts, some companies offer Disaster Recovery as a Service as part of their platforms. Microsoft, for example, has DRaaS services incorporated into its Azure cloud platform.

To learn more about data protection, read “Technologies Schools Must Have to Stop Ransomware.”

djedzura/Getty Images