Educational institutions of all sizes, pedigree and location are susceptible to ransomware – indeed they have become one of the most targeted verticals for attack. Higher education organisations are especially susceptible to these attacks due to the extensive personal, research and proprietary data available.
Campus IT networks are frequently open by nature, with broad use of social media by students and employees. Compared with other targeted industries, there are often limited network controls in place, and as a result these networks are both vulnerable and enticing for hackers. Beyond the use of sophisticated attack techniques such as social engineering, the growth of ransomware has been driven by key factors including the appearance of anonymous e-currency as a payment method and the tendency of victims to pay the ransom.
Institutions which conduct world class research are willing to take desperate measures in defending the life work of their employees. Such academic work and research is, of course, very valuable information outside of the university. Cybercriminals know this. Research data, employee records, financial data and customer information are the most vulnerable data targeted during ransomware attacks.
Educational institutions must embrace digital technologies to keep up with their tech-savvy students, professors and academic researchers and to maintain relevance, credibility and revenue growth. But to embrace the benefits of digital transformation, they must be aware of potential threats and ensure their ability to recover and avoid the consequences of attacks. And on top of closing the gap in their cyber security programs, they must comply with many regulations on the protection of data storage and transmission imposed by governments and specialised institutions. If implemented, the following lessons give them a fighting chance:
1. Use different credentials for backup storage
This is a standard, well-known anti-ransomware best practice, but it is crucial to follow. The account used to access backup storage should be closely guarded and used exclusively for that purpose. No security context other than the account(s) needed for the actual backup operations should be able to access the backup storage.
2. Start using the 3-2-1 Rule
Keep three different copies of your data on two different media, one of which is off site. This will help address any failure scenario without requiring specific technology. Moreover, you should ensure that one of the copies is air-gapped, i.e., on offline media.
3. Have offline storage as part of the strategy
One of the best defences against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:
- Tape – completely offline when not being written or read from
- Storage snapshots of primary storage – semi-offline technique for primary storage
- Cloud – a different file system, authenticated differently and off site
- Rotating hard drives (rotating media) – offline when not being written to or read from
4. Leverage different file systems for backup storage
Having different protocols involved can be another way to prepare for a ransomware attack. It’s imperative that users place backups on storage that requires different authentication. A Linux system functioning as a repository is a good example.
5. Achieve complete visibility of your IT infrastructure
One of the biggest fears about ransomware is that it may propagate to other systems. Visibility into potential activity is of massive value – for example, a pre-defined alarm which triggers if a typical ransomware pattern is identified.
6. Use a backup copy mechanism
Backup copy allows you to create several instances of the same backup data in different locations, whether onsite or offsite and with different restore points and retention rules.
7. Educate all employees on ransomware, not just your IT staff
Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware or on the specific activities that leave the company vulnerable.
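Lessons 1 to 3 can be checked mechanically against an inventory of where each copy of the data lives. The following is an added example, not taken from the Veeam whitepaper: the `Copy` record, the account names and both inventories are constructed for illustration, and it assumes the production copy counts as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str          # "disk", "tape", "cloud", "snapshot", ...
    offsite: bool        # stored away from the campus site
    offline: bool        # air-gapped when not being written or read
    account: str         # credential that can reach this storage
    backup: bool = True  # False for the production copy itself

def audit(copies, production_accounts):
    """Return (rule, message) findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(("3-2-1", f"{len(copies)} copies, need 3"))
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(("3-2-1", f"{len(media)} media type(s), need 2"))
    if not any(c.offsite for c in copies):
        findings.append(("3-2-1", "no copy is off site"))
    if not any(c.offline for c in copies if c.backup):
        findings.append(("offline", "no backup copy is air-gapped"))
    for c in copies:
        # Lesson 1: backup storage must not be reachable with everyday accounts.
        if c.backup and c.account in production_accounts:
            findings.append(("credentials", f"{c.name} is reachable with {c.account}"))
    return findings

# Constructed sample data: hypothetical names and accounts.
PRODUCTION_ACCOUNTS = {"CAMPUS\\domain-admin", "CAMPUS\\fileserver-svc"}

WEAK = [
    Copy("research-share", "disk", False, False, "CAMPUS\\fileserver-svc", backup=False),
    Copy("nas-backup", "disk", False, False, "CAMPUS\\domain-admin"),
]

HARDENED = [
    Copy("research-share", "disk", False, False, "CAMPUS\\fileserver-svc", backup=False),
    Copy("linux-repo", "disk", False, False, "backup-writer"),
    Copy("tape-vault", "tape", True, True, "tape-operator"),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(inventory, PRODUCTION_ACCOUNTS) or "passes")
```

The weak inventory fails every check because its only backup sits on the same medium, on site, online, and behind a domain account that ransomware running with stolen credentials could also use.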
Institutions should be aware of the importance of backup, recovery and replication, and reducing the risk of downtime because access to academic material must be ready anytime, anywhere and from any device. We partner with Veeam Software as the innovative provider of solutions that deliver ‘Availability for the Always-On Enterprise’. Customers save time, mitigate risks, and dramatically reduce capital and operational costs.
‘Ransomware: Educating the Educators’ extracts taken from the Veeam whitepaper entitled ‘7 Proven Resilience Best Practices against Ransomware for Education’