5 Lessons in Ransomware Mitigation: Why Schools Need a Better Backup and Disaster Recovery Solution

FEBRUARY 13TH, 2020
Educators have plenty on their hands these days without also having to worry about ransomware. Unfortunately, that’s one worry that isn’t going to go away anytime soon. More than 500 schools were hit by ransomware attacks through Q3 2019. These schools paid dearly, in either ransoms or the cost of rebuilding their data, wasting precious dollars that are sorely needed for classroom basics. How many precious dollars? One Long Island school district shelled out $88,000 in cryptocurrency to get its data back. That’s despite having antivirus software and firewalls in place. Ouch. Education is consistently ranked in the top 10 industries targeted by cybercriminals, so the threat is very real. Unfortunately, education is also ranked as the worst in cybersecurity out of 17 major industries. It doesn’t look like that will change anytime soon: A survey of K-12 CTOs by the Consortium for School Networking found that more than 70 percent of the respondents don’t see a serious threat from ransomware attacks, data breaches, malware, and distributed denial-of-service attacks. And only 19 percent have a cybersecurity plan in place. That needs to change. For those districts that have recognized the problem and implemented preventive security measures—as was the case in Long Island—there are still no guarantees that a school’s data can’t be compromised. All it takes is a simple click by a teacher or administrator, and a malicious link or email attachment triggers an attack. With the school’s data held as a hostage, there may be few choices for remediation. And, while the trouble is added up in dollars and cents, the reality is much more painful. Las Cruces Public Schools in New Mexico has been attacked three times in the last six years. The last attack, in October 2019, forced the district to reformat and reinstall operating systems on 30,000
inline
devices. Just imagine the cost and lost productivity that caused. Fortunately, there are backup and disaster recovery (BDR) solutions available today that mitigate the results of ransomware attacks. Even better, these highly effective solutions won’t break a school’s limited IT budget. With that in mind, we’d like to share some important lessons you should take into account as you evaluate BDR solutions for your institution:Lesson 1: Demand frequent backupsFirst and foremost, daily backups are a must-have. It’s best to choose a “set it and forget” solution, one in which incremental backups are frequent (daily is good; multiple times a day is even better). That way, if an attack is successful, you can easily go back in time and restore your data, just as it was before it was compromised.Lesson 2: Back up locally and offsite Best practices dictate that your data should be securely backed up both locally and on a remote offsite server. This strategy ensures that your data is safe, even if your primary backup is compromised. If budget permits, a hybrid solution that includes both local and cloud backups is optimal because it ensures that your data is always available, and you’ll never run out of backup space.Lesson 3: Choose continuous data protectionA BDR solution that makes immutable snapshots—copies of your data that can’t be altered or deleted—every 90 seconds ensures continuous data protection. That’s your best bet for limiting the impacts of a security breach. Choose a solution that de-duplicates and replicates data for a reduced storage footprint and added security respectively.Lesson 4: Find a solution that grows with youSchools, like all organizations today, are generating more and more data. Tight budgets demand a solution that is affordable and meets both your current and future storage requirements. Look for a “scale-out” solution that lets you start with the storage capacity you need today, while making it easy to quickly and seamlessly add more storage as your needs grow.Lesson 5: Remediation should be fast and easyIf a ransomware attack is successful, there’s no time to waste. Get your school up and running quickly by choosing a solution that makes it easy to restore backed-up data in seconds with a click. The most important lesson for schools today is that a solid backup and disaster recovery plan is critical if you want to contain the consequences of a successful ransomware attack. If you haven’t already created one, get started today. With a BDR plan in hand and an effective technology solution in place—taking the lessons we’ve shared above into consideration—your school is ready to be tested by a ransomware attack. And you can be confident you’ll get high grades for your response.