We live in a world where the value of student data is on the rise, and with that upward trend, it’s important to understand that the risk of an attack is more likely than ever.
What school systems need to understand is that disaster recovery in the K-12 setting isn’t the same as it is in a Fortune 500 company or a non-profit. Schools often have more critical software applications distributed across multiple locations and technology systems.
They also may be facing budgetary issues that prevent them from implementing the latest IT updates and new versions of said software applications.
With these unique challenges in mind, here are four areas you should be thinking about as you put together a master plan for your disaster recovery strategy.
1. Use Cloud-Based Disaster Recovery as a Safeguard
Cloud-based disaster recovery is one of the best options for K-12 systems to implement a disaster recovery plan.
Disaster recovery as a service (DRaaS) is a solution that makes it easy for schools to back up student records and software without requiring a second location to house additional servers.
With DRaaS, when systems go down, they fail to affect the cloud, allowing uninterrupted access to student records, essential software programs, and more.
What’s great about cloud-based recovery is that it’s also a very affordable solution for schools that don’t have a whole lot of extra funding. Frequent cloud-based back-ups make it easy for teams to recover from denial-of-service attacks like this Mt. Zion hack where a student disrupted service by launching a malicious app on his phone. It’s also one of the best ways to ensure that even in the event of a fire, flood, or physical attack, your school system won’t lose its data.
2. Natural Disaster Recovery
While the first thing you think about when a natural disaster hits is safety and shelter, disaster preparedness also involves looking at how you can access records and get reconnected once it’s safe to head back to the classroom.
Without a sound IT strategy in place, you risk losing everything. Hurricane Katrina furnishes one of the worst examples in recent history, with massive levels of destruction that, according to the Washington Post, literally washed away the school system.
As of 2015, nine out of 10 public school students were attending charter schools in the wake of the disaster. Compare that to the 2.5% of students who attended a charter school back in 2004 before the hurricane struck.
What can schools do to make sure they avoid some of these pitfalls? A lot of it boils down to frequent backups but also coming up with a plan for replacing hardware and getting systems back online. This process, sometimes known as a Continuity of Operations plan, is separate from the emergency preparedness plan aimed at keeping people alive following a natural disaster.
Putting together this plan involves mapping out IT solutions that get students back in the classroom. Without a continuity plan, school systems may be faced with long wait times for government aid, as we’ve seen in the aftermath of Hurricane Maria.
3. Preparing for a Ransomware Attack
Ransomware is a real threat to K-12 schools. If you think about it, there is a certain logic that applies here. Look back at some of the recent headline-making cyberattacks like Baltimore, Atlanta, and others: cybercriminals often target city governments or public resources like hospitals and airports.
The idea is that these types of organizations may be more likely to pay up in order to move forward, like this 2018 incident in which a Massachusetts school district paid $10,000 in bitcoin to unlock their system.
According to the US Department of Education, in 2016, 60% of K–12 schools that were hit with a ransomware attack paid off attackers to regain access to their data.
The department has responded with a number of resources to encourage better cybersecurity practices. What’s more, those school systems that fail to implement security safeguards risk losing Title IV funding.
To protect against the rising threat of ransomware, K-12 systems should, of course, make sure that they perform frequent back-ups. They should also work with an IT team to ensure they can quickly rebuild infected endpoints to return the system back to normal. Beyond that, educational systems need to be vigilant, updating software when new patches are released and performing penetration testing to identify vulnerabilities.
4. Data Breaches in the School System
According to data from the Cybersecurity Resource Center, there were 122 cyber attacks on K-12 institutions in 2018, which averages out to one attack every three days.
This is happening more and more because schools are a central hub for sensitive information concerning students, parents, teachers, and staff.
That information includes things like social security numbers, medical records, names, and dates of birth.
To protect your network against a data breach, you’ll want to include the following components in your disaster recovery plan:
- Implement a BYOD Plan: Educational systems depend on mobile technology, with hundreds, if not thousands of connected devices on the network at once.
- Back up data: It’s good advice worth repeating. In the event of a breach, school systems can revert to the most recent backup from before the attack took place, suffering minimal losses and quickly getting back on track.
- Set up remote protection: Remote protection keeps devices safe while on the go. Often, students and staff take their computers home or use them in a public place.
- Require strong passwords: This is a simple, yet effective way to prevent hackers from breaking into the system. Consider using a two-step authentication process to protect sensitive data and be sure to train employees not to keep passwords stored on their desktop or on a hand-written note taped to their workstation.
- Limit access to sensitive information: Data breaches aren’t always the result of a well-planned hack. Often, it’s employees that inadvertently leak sensitive information and put their network at risk, as was the case in this Pennsylvania data breach that exposed the sensitive information of 360,000 students, staff, and teachers. As such, you’ll want to make sure that access is doled out on a “need to know basis.”
How Lockstep Can Help K-12s Prepare for the Worst
For K–12 schools, recovering from any disaster—whether it be physical or digital—can be a heavy burden on IT teams, educators, and admins.
And, because many schools have limited resources, disasters can result in long periods of down time and difficulty returning to some semblance of normal.
At Lockstep, we have a proven track record of helping school systems, both K-12 and university networks. As such, we have a deep understanding of the unique challenges facing educational systems and how to prepare your IT infrastructure for the worst. Contact Us to learn more about our approach to educational IT.
Lockstep Technology Group is an IT consulting firm that partners with IT leaders in planning, developing, and implementing enterprise-class technology solutions.