Data Protection for School Districts and Higher Education

Dealing with Ransomware, Hacking and other Data Loss Disasters: Pointers to Preventing Data Loss in G Suite for Education

This whitepaper will help you to:

  • Understand how and why ransomware is targeting school districts and higher education.
  • Be aware of the risk of data loss in G Suite (even when using Vault or Takeout).
  • Protect your data with a reliable backup and recovery solution.

Ransomware in Education: What, Why, and How?

What is Ransomware?

It is a type of malicious software designed to lock access to a computer system, typically by encryption. Payment is demanded before the ransomed data is decrypted and access returned to the victim. Payment is often demanded in a virtual currency, such as bitcoin, to anonymize the identity of the cybercriminal.

Whitepaper Higher Educaiton data protection
Why are educational institutions targets for ransomware?

Ransomware attacks are on the rise. 63% of organizations experienced an attempted ransomware attack in 2017, with 22% reporting these incidents occurred on a weekly basis1Ransomware attacks occur not just in business and government - they increasingly occur in education, as reported in CSO Online. This is because EDU data is largely unprotected, and can contain sensitive data such as Social Security Numbers, birthdates, and even (for Higher Ed) student loan data, making it an easy-to-access, lucrative target.

A Bitsight report2 highlighted this - Education’s cybersecurity protection is rated very poorly and is further declining (Fig. 1).

A line graph showing average security ratings over a 12-month period by industry.
Fig. 1: Average security ratings over the last 12 months by industry (Source: Bitsight)
Education, as an industry, also has the highest percentage of institutions infected with ransomware (Fig. 2).
A bar graph showing the percentage of companies in each industry with ransomware.
Fig. 2: Percentage of companies in each industry with ransomware. (Source: Bitsight)
Ransomware attacks are a serious issue for EDU, with significant compliance and legal ramifications. For example:

  • In 2016, the University of Central Florida (UCF) were sued for a data breach impacting the personal information of 63,000 individuals, both students and faculty3.
  • Two-thirds of UK universities have been attacked by ransomware hackers4.
  • A cyberattack on a UCLA server likely accessed student information5.

Because many K-12 districts have small technology budgets, have fewer resources to support cybersecurity, and have relatively open “Bring Your Own Device” (BYOD) policies, it is a challenge to protect school districts from ransomware.


How does Ransomware enter the system?

Human Error

Despite end user training in security best practices, people still click on phishing emails and related attachments which can launch ransomware.

BYOD Connections

Even if your networks and systems are protected, malware can infect it via unprotected devices and endpoints - phones, tablets, USBs - end users may connect to your systems in a more open “Bring Your Own Device” environment.

Third-party software or file-sharing Networks

The recent Petya ransomware attack (similar to the WannaCry attacks) were seeded through a software update mechanism built into a third-party accounting program. And if your organization uses collaboration suites like G Suite or Office 365, shared files can become vectors for malware proliferation.

1 ESG Master Survey Results: 2018 IT Spending Intentions Survey, December 22, 2017
2 BitSight Insights: Ransomware - The Rising Face of Cybercrime
3 63,000 Personal Records Compromised in UCF Breach, Ryan Heitsmith, March 7, 2016
4 Two-thirds of Universities Hit by Ransomware Hackers, Anthony Cuthbertson, August 24, 2016
5 Cyberattack on UCLA server potentially accesses student information, Jacob Preal, August 4, 2017


Security & Data Protection

Google and G Suite are secure - right?

If you work for one of the many thousands of educational organizations currently using G Suite for Education, you benefit from  the agility, flexibility, and collaboration G Suite provides.

Of course Google is secure, and has full disaster recovery capabilities. However, that includes recovery from their disasters (like server failure or natural disasters), not yours.

That means you are not protected from data loss if any of these scenarios happen to you:  

  • A teacher accidentally deletes their Google Sheet gradebook.
  • A bad file sync corrupts an entire year of lesson plans.
  • A colleague inadvertently overwrites another’s work in Drive.
  • When migrating to a new device, data becomes corrupted.
  • Or...if a ransomware attack locks not just one document, but EVERY DOCUMENT in a shared Drive folder, at compute speed.

“When we moved to G Suite, we knew we had to have some kind of backup. My understanding was that Google could restore your account, but there’s no guarantee that they could restore a single email or folder, and that could be critical."


Vault and/or Takeout protect us from data loss, correct?

Vault is purpose-built for archiving and eDiscovery. It is not intended to be used for easy restores for point-in-time backups, and it does not allow rapid retrieval of previous versions of data in the event of a loss. Takeout allows those using Google products to create a customized archive by exporting data to a downloadable ZIP file. However, it does not preserve “last known good” versions” to efficiently restore lost or ransomware-locked data.

For teachers, students, and administrators who need immediate access to critical information each day, backup without rapid recovery might as well be no backup at all.


The Need for Backup

Do I really need a Backup and Restore Solution?

If your organization’s data is valuable, if your organization stores data that may be subject to regulatory need to be able to rapidly restore back to the last known good version of data in the event of loss. And data loss is a growing risk.

Ransomware is on the Rise, Especially in Education
Educational institutions have been shown to have three times the rate of ransomware infections found in Healthcare, and 10 times the rate found in Finance. One in 10 educational institutions surveyed reported some form of ransomware on their networks6.
Human Error is significant
Human error is the leading cause of data loss in SaaS applications, accounting for 64% of data loss. How long would it take your organization to recover if critical information about student performance, or an institution-wide collaborative project, was lost?
As technology adoption increases, sync errors will only increase
As educators use an increasing number of apps and devices, sync errors and resulting data loss will grow in frequency and severity of impact.
G Suite Needs Backup that enables fast restore
Google says, “You have a limited time from when the data was permanently deleted to restore files and messages. After that, the data is gone forever.”
It is Your Responsibility
While Google can protect your organization from issues on their side, they cannot protect your organization from human error, sync errors, or malware and ransomware. If you’re involved in your institution’s use of G Suite, you share a responsibility for its data protection.

How do Backup And Recovery Solutions Help?

EdWeek reports that backup is the key component in reducing the risk of data loss from ransomware and other issues. . A cloud-based backup and recovery solution acts as a digital insurance policy, filling in the human error and sync error gaps in your data protection plan, and providing a secure, off-site location for backups. The best help your organization mitigate the risk of loss from ransomware by automating backups, and enabling rapid restores to the last known good point in time. . If malware does infect your network and you are locked out of your files, or if a hacker corrupts or deletes critical education data, the best cloud-based backup and recovery solutions enable rapid restores of clean versions of the files, emails, contacts, and other information you need to keep your school running.

Finding The Right Backup and Restore Solution For Your Educational Institution  

Now that you understand the importance of backup and recovery for G Suite for Education, start defining the requirements for your organization. The vendor you choose should provide you with an optimum balance of easy of use, security, value, and reliable restoration.

Feature-check your Backup and Restore Solution:

A circle diagram showing desirable features of a backup and restore solution.

Spanning Backup Client Stories from the Education Sector

Here is a sampling of feedback from some of our clients from universities, colleges and schools worldwide:

"Spanning protects confidential student data and work that could mean the difference between passing and failing their exams. A loss of data could impact their whole lives.”


Network Manager, Clifton College

“Spanning is the best tool on the market for the price, performance and features. We have selected Spanning for the last four years based on all our criteria.”


National IT Manager, CORE Education

“Using Spanning Backup has allowed me to be less concerned about risk to the documents that we put into Google Drive.”


Director of Infrastructure Services, Hamline University

“I'd recommend Spanning because the feature set, usability, price, and responsiveness of support are second to none."


University of Maryland Robert H Smith School of Business

"Working with Spanning Backup has required nearly zero effort on our part. It just works, every day.”


Technology Coordinator, St. Stephen's Episcopal School

“We rely on Spanning Backup for G Suite to quickly restore data for compliance.”


Learning Technologies Senior Manager, Catholic Education Diocese of Parramatta

“Google is an amazing product, but you need a solution like Spanning Backup to get you out of trouble."


IT Administrator, Catholic Education Diocese of Wilcannia-Forbes

6 The Rising Face of Cyber Crime: Ransomware


In Summary

In this ebook we learned:

  • What is ransomware and how it attacks our data.
  • That ransomware is zeroing in on the lucrative and unsecured Education domain.
  • The gaps in protection offered by G Suite, Vault and Takeout.
  • The ways backup and restore solutions can save the day (and the Data).
  • Features to look out for to pick the right backup solution.

Interested in learning more about Spanning Backup for Education?

Click Here