Asset Notebook Warehouse SecurityAccess PDC-final PDC Upcoming AdjustedSection AttendanceType ClosedSection Comment CurrentOpening DiscardScore DroppedAssignment DroppedSection InProgress MissingScore NoCount NotConnected OpenConflicts OpenSection RetainGrade ScheduledClass ScoreClarifier TransferGrade Unused VerticalSplit StudyHallScheduler SaveStyle SaveRun RunReport Rounded Link FoodMenu Diploma ClassMessage ChangeSection Bus Books Book Attachments RestrictedAccess Unpublish Publish Number0 Lightbulb GradPlanReq AVID Levels Headstart Military Number9 Number8 Number7 Number6 Number5 Number4 Number3 Number2 Number1 LetterZ LetterY LetterX LetterW LetterV LetterU LetterT LetterS LetterR LetterQ LetterP LetterO LetterN LetterM LetterL LetterK LetterJ LetterI LetterH LetterG LetterF LetterE LetterD LetterC LetterB LetterA Exclamation Ellipsis Cart-new Guidance History Unsubscribe Timespan ApproveDeny Noncritical PendingChanges CartLoad CartUnload ClearLeft nextArrow IHP Keyboard Email Unlink NSE AtRisk LEP Substitute Hourglass AddPlusLines QueuePeople Release Currency Percentage Comma IncreaseDecimal DecreaseDecimal ReleaseCompleteLater WOOF-Tile Out-Tile In-tile Break-Tile SwitchJobs-Tile TOOF-Tile Stethoscope ClipboardPencil CourseRequest Contact EmergencyContact AddPage ChangeLog Paintbrush Hide DeselectAll SelectAll UpdateBack UpdateAccounting Reselect Unschedule RollbackBudget AdvanceBudget Adjust AdjustDrop NSFCheck Private Rebuild Build AddHeader2 DontSave Draggable Stop GraduationRequirements Password Aggregate SpecialEducation Section504 PartiallyEnrolledDropped Import ReplaceReport InsertImage DropClass ScheduleChanges PartiallyEnrolled Activate Deactivate Split StudentProfile Impersonate TestScores AddCourseRequest AutoSchedule ReplaceSection Selection Revert Export DesignReport AddMainSection AccountReceivable Transparent Twitter Uncompress Underline Undo Unlock Update Upload User Utilities Vendor VerticalBottomAlign VerticalCenterAlign VerticalTopAlign View ViewCourseList Void Warning Workflow YearEnd AccountPayable ActivityAccess AddCourseList AddNote AddPlus AdminAccess AdvancedSecurity Analytics ApplySchemaChange ArrowDown ArrowLeft ArrowRight ArrowTriangleDown ArrowTriangleLeft ArrowTriangleRight ArrowTriangleUp ArrowUp Attendance BatchAndConfirm Bold BorderBottom BorderColor BorderLeft BorderRight BorderTop Breadcrumb Budgeting Calculate Camera Cancel Cart CenterAlign Check CheckBox CheckBoxPartial CheckBoxUnchecked CheckmarkConfirm ChevronDown ChevronLeft ChevronRight ChevronUp Clear ClearFilter Clone Close ClosedFolderAlt ClosedGrading Collapse CollapseAll ColumnHeight Columns ColumnWidth Community Compress Conflict Consolidate Curriculum Customization Date Default Delete Demographics DialogPrompt Discipline District Dock DockClose Download DropDate Edit Education ELogoColor Employee EmployeeAccess Enrollment Error Excel Expand ExpandAll Facebook Family FamilyAccess Fee FileSettings FileUtility Filter FontBackgroundColor FontColor FoodService Globe GooglePlus GradeBook Health Help Home Image In Info inlineEdit Italicize LeftAlign Legend Lock Lunch MainMenu ManageFiles MassAssignClose MassAssignOpen MassChange MenuCollapsed MenuExpanded MissingAssignment Money NewStudent NewStudentImport NewWindow NoImage Number OneToMany OpenFolderAlt Out Override PaddingBottom PaddingLeft PaddingRight PaddingTop PageBreak PagerArrowBackward PagerArrowForward Pause Payroll Position PrintAvailable ProcessInBackground Purchasing Queue Redo RemoveAllStudents RemoveCurrentStudent RemoveDocument Reorder ReportCard Reporting Reports RequestEdits Resume RightAlign RowAction RowOpen Save SaveAndBack SaveAndForward ScheduleBuilder School Search SecuritySmall Select Separator Settings Signature SignIn SignOut Speedometer SportsLink StarOutline StarShortcutMenu StarTenPoints StateReporting StudentAccess StudentGrades StudentSchedule StudentViewAll SubReport SuperUser TeacherAccess Text Ticket TileBrowse Time TimeOff Transfer Account

School Districts for Ransom

Prevention is the name of the game when it comes to battling ransomware. Cover your bases by securing effective backups, training (and retraining) your staff, and considering secure cloud storage.   

Nickey Pietila

AK12ET Blogger

Ransomware – it’s malicious alright.   


Threatening destruction and demanding a sum of money isn’t a new tactic, but ransomware is one foe you can expect to become more prevalent and more sophisticated. Prevention is the name of the game when it comes to fighting this threat. You know the drill – back up your data, train your staff, run your updates.
But the devil is in the details – backups are crucial, but how often is often enough? What kind of staff training can reduce risk? And what’s the role of cloud storage in your security strategy? Find out how you can put up a smarter fight against the threat of ransomware. 

Back It Up

Not all backups are created equal. If you back up your systems just once a week, or even every other day, you could be leaving days of data unprotected – and in a school system, a lot can happen in that amount of time. Say your system does perform hourly or nightly backups, but all the data is stored on the same network. When that network becomes the unfortunate target of a ransomware attack, your primary data and your backup are both in jeopardy.  
Abiding by the mantra “early and often” helps ensure your backups actually help protect you in case of a ransomware attack. So how early? Yesterday is ideal, but today comes in at a close second. And how often is often enough? Nightly backups are fairly standard, but it’s important to consider the consequences of losing different types of data.
It might be time to revisit Peter Krogh’s 3-2-1 rule and plug any holes in your backup plan. You’ll want at least 3 copies of your data stored on 2 different types of storage, with at least 1 copy stored offsite. Some information matters more, so build a safety net for that data first.
Pro tip: Some backup solutions labelled as “continuous” might actually use periodic snapshots, so you could still lose some data. Take care not to “set it and forget it,” either. We’ve seen districts that thought they were running nightly backups, only to find out after a ransomware attack hit that the process wasn’t working as intended.  If you’re storing data on premise, make sure your restoration process is well documented and accessible to anyone who might need it.

Ransomware Cartoon

Basic Training

We all want to do what’s most convenient. If your staff isn’t constantly reminded of the reasons for security practices like complex password requirements and mandatory updates (you know, the foundational security practices you’ve been preaching for years), these requirements might start to seem tedious. 
You can help your staff bend toward their better natures by sharing how your security recommendations and requirements contribute to a more ransomware-proof network. When someone understands how delaying updates, clicking on suspicious emails, or leaving their workstation unlocked can leave the whole district vulnerable, they’ll be more likely to adopt some new habits.
What kinds of training reduce risk? Despite its prevalence, we all know that one-and-done, sit-and-get instruction doesn’t do much for employees. Continuous, interactive training – think simulated phishing attacks, periodic malware quizzes, and illustrations of technical security topics – get the best mileage. Armed with a set of security best standards and some basic training, your staff can become a stronger front line in the battle against malware.
Pro tip:
Reducing your malware risk probably isn’t a main reason to strive for a culture of open communication – but it’s not a bad side effect. We’ve spoken to district tech leaders who have prevented the spread of malware through simple word-of-mouth and strong internal follow up. A simple “hey, don’t click on that” message can prevent a lot of headaches.  

Updates Cartoon

Cloud Confident

The threat of ransomware becomes less onerous when you know you can count on your storage solutions. The growing percentage of districts putting their confidence in secure cloud solutions is a testament to how labor intensive the push for security has become. Better backups, easier updates, and the peace of mind that comes from knowing the possibility of failure at a local level has been eliminated are just a few reasons moving your district’s software services to the cloud might be a smart move.
Whether you’d like to take hardware upgrades off your to-do list for good, stress less about updates, or reduce downtime in case ransomware does strike, it might be a good time to reexamine your hosting and storage setup. You’ll sleep better knowing you have safeguards like daily offsite backups, infrastructure monitoring, and geographically diverse data centers in place.   
Since cloud computing is here to stay, it’s worth exploring how it would impact your security, staffing, and budget. If it has been years since you last considered external hosting, you might find that the cloud looks quite a bit more secure these days. 
Pro tip: Don’t take every cloud provider at face value. Your secure cloud provider should, at a minimum, provide infrastructure monitoring, dual-redundant firewalls, hands-off updates, and antivirus protection. Demand no less than an annual SSAE SOC 1 or SOC 2 audit to ensure continued compliance and alignment with up-to-date security practices.

Cloud Cartoon

The fight against the ransomware threat requires bridging the gap between those who spend their days immersed in security topics and those for whom security issues are mere headlines. As an IT leader, there’s a lot you can do ahead of time to mitigate risk, but your staff will always be your front line in the ransomware fight.

Brush up on 3 more privacy and security threats with "Security Drill: 3 Threats to Watch For."


Recent articles