Data Protection for School Districts and Higher Education

Dealing With Ransomware, Hacking and Other Data Loss Disasters: Pointers to Preventing Data Loss in Google Workspace for Education

This whitepaper will help you to:

  • Understand how and why ransomware is targeting school districts and higher education.
  • Be aware of the risk of data loss in Google Workspace (even when using Vault or Takeout).
  • Protect your data with a reliable backup and recovery solution.

Ransomware in Education: What, Why and How?

What is ransomware?

It is a type of malicious software designed to lock access to a computer system, typically by encryption. Payment is demanded before the ransomed data is decrypted and access returned to the victim. Payment is often demanded in a virtual currency, such as bitcoin, to anonymize the identity of the cybercriminal.

Why are educational institutions targets for ransomware?

Ransomware attacks are on the rise. From May to June 2022, educational institutions experienced more than 6.1 million malware attacks, a staggering 677% more attacks than the next closest industry vertical, Professional Services. Ransomware attacks are a common scenario not just in business and government sectors, but in the education sector as well, with a focus on colleges and universities. This is because educational data is largely unprotected and can contain sensitive data, such as Social Security numbers, birthdates and even student loan data (for Higher Ed), making it an easy-to-access, lucrative target. Threat actors are increasingly exfiltrating data prior to encrypting systems, which they leverage to elicit ransom payment.

Verizon’s Data Breach Investigation Report reveals that the education sector faces greater volumes of systems intrusion attacks and attacks that result from miscellaneous errors than other industries on average (Fig.1). Distributed networks, legacy systems, BYOD policies and a mass of unsophisticated, untrained users present unique security risks to the sector.

Chart showing education data breaches patterns
Fig. 1: Top attack patterns over time in Education data breaches (Source: Verizon)
Education, as an industry, tied for the highest percentage of institutions infected with ransomware (Fig. 2).
Chart comparing ransomware attack rates across different sectors
Fig. 2: Percentage of organizations in each industry hit with ransomware. (Source: TechTarget)
Ransomware attacks are a serious issue for educational institutions, with significant compliance and legal ramifications. For example:

  • Hackers attacked and paralyzed the IT infrastructure of the Medical University of Innsbruck in June 2022. Publishing of stolen data is a concern, as it has been observed in other attacks from the suspected perpetrators..
  • More than 1,040 educational institutions fell victim to ransomware in 2021. It’s estimated employee and/or student data was stolen in approximately half of the attacks. .
  • The average total cost of a data breach in education was $3.79 million in 2021, with an average cost of $180 per compromised record of personally identifiable information (PII).

It is a challenge to protect school districts from ransomware because many K-12 districts have small technology budgets, fewer resources to support cybersecurity and relatively open “Bring Your Own Device” (BYOD) policies.


How does ransomware enter the system?

Human error

Despite end-user training in security best practices, people still click on phishing emails and related attachments that can launch ransomware. Threat actors target with increasing sophistication and leverage attack vectors beyond simply email — including malicious advertisements and SMS phishing (SMiShing).

BYOD connections

Even if your networks and systems are protected, malware can infect them via unprotected devices and endpoints — phones, tablets, USBs — that end users may connect to your systems in a more open “Bring Your Own Device” environment.

Third-party software or file-sharing Networks

The recent Petya ransomware attack (similar to the WannaCry attacks) was seeded through a software update mechanism built into a third-party accounting program. If your organization uses collaboration suites like Google Workspace or Microsoft 365, shared files can become vectors for malware proliferation.

Security and data protection

Google and Workspace are secure, right?

If you work for one of the many thousands of educational organizations currently using Google Workspace for Education, you benefit from  the agility, flexibility and collaboration Workspace provides.

Google datacenters are secure and offer robust disaster recovery capabilities. However, these mechanisms are intended to be used by Google for recovery from disasters that occur as a result of issues on their end (like server failure or natural disasters).

The Shared Responsibility Model means that you are not protected from data loss if any of these scenarios happen to you due to mistakes on your end. For example:

  • A teacher accidentally deletes their Google Sheet gradebook.
  • A bad file sync corrupts an entire year of lesson plans.
  • A colleague inadvertently overwrites another’s work in Drive.
  • Data becomes corrupted when migrating to a new device.
  • Or, if a ransomware attack locks not just one document, but EVERY DOCUMENT in a shared Drive folder, at compute speed.

Vault and/or Takeout protect us from data loss, correct?

Vault is purpose-built for archiving and eDiscovery. It is not intended to be used for easy restores for point-in-time backups, and it does not allow rapid retrieval of previous versions of data in the event of a loss. Takeout allows those using Google products to create a customized archive by exporting data to a downloadable ZIP file. However, it does not preserve “last known good” versions to efficiently restore lost or ransomware-locked data.

For teachers, students and administrators who need immediate access to critical information each day, backup without rapid recovery might as well be no backup at all.


The need for backup

Do I really need a backup and restore solution?

If your organization’s data is valuable, if your organization stores data that may be subject to regulatory compliance, you need to be able to rapidly restore back to the last known good version of data in the event of loss. And data loss is a growing risk.

Ransomware is on the Rise, Especially in Education
Check Point Software reported 1,605 weekly attacks, on average, against the education sector in 2021. The 75% increase in rate of attacks represented the second-highest year-over-year increase among all industries researched.
Human Error is significant
Deletion is the leading cause of SaaS data loss, whether accidental (20%), external and malicious (19%), or internal and malicious (6%). How long would it take your organization to recover if critical information about student performance or an institution-wide collaborative project was lost?
As technology adoption increases, sync errors will only increase
As educators use an increasing number of apps and devices, sync errors and resulting data loss will grow in frequency and severity of impact.
Google Workspace Needs Backup that enables fast restore
Google says, “You have a limited time from when the data was permanently deleted to restore files and messages. After that, the data is gone forever."
It is Your Responsibility
While Google can protect your organization from issues on their side, they cannot protect your organization from human error, sync errors, or malware and ransomware. If you are involved in your institution’s use of Google Workspace, you share a responsibility for its data protection.

How do backup and recovery solutions help?

The Center for Internet Security (CIS) highlights maintaining backups and establishing a thorough data recovery plan as the first of seven steps to help prevent and limit the impact of ransomware . A cloud-based backup and recovery solution acts as a digital insurance policy for your SaaS applications, filling in the human error and sync error gaps in your data protection plan and providing a secure, off-site location for backups. The best solutions help your organization mitigate the risk of loss from ransomware by automating backups and enabling rapid restores to the last known good point in time. If malware does infect your network and you are locked out of your files, or if a hacker corrupts or deletes critical education data, the best cloud-based backup and recovery solutions enable rapid restores of clean versions of the files, emails, contacts and other information you need to keep your school running.

Finding the right backup and restore solution for your educational institution

Now that you understand the importance of backup and recovery for Google Workspace for Education, start defining the requirements for your organization. The vendor you choose should provide you with an optimum balance of easy of use, security, value and reliable restoration.

Chart for backup solution

Spanning Backup client stories from the education sector

Here is a sampling of feedback from some of our clients from universities, colleges and schools worldwide:

"Spanning protects confidential student data and work that could mean the difference between passing and failing their exams. A loss of data could impact their whole lives.”


Network Manager, Clifton College

“Spanning is the best tool on the market for the price, performance and features. We have selected Spanning for the last four years based on all our criteria.”


National IT Manager, CORE Education

“Using Spanning Backup has allowed me to be less concerned about risk to the documents that we put into Google Drive.”


Director of Infrastructure Services, Hamline University

“I'd recommend Spanning because the feature set, usability, price, and responsiveness of support are second to none."


University of Maryland Robert H Smith School of Business

"Working with Spanning Backup has required nearly zero effort on our part. It just works, every day.”


Technology Coordinator, St. Stephen's Episcopal School

“We rely on Spanning Backup for G Suite to quickly restore data for compliance.”


Learning Technologies Senior Manager, Catholic Education Diocese of Parramatta

“Google is an amazing product, but you need a solution like Spanning Backup to get you out of trouble."


IT Administrator, Catholic Education Diocese of Wilcannia-Forbes


In Summary

In this ebook we learned:

  • What is ransomware and how it attacks our data.
  • That ransomware is zeroing in on the lucrative and unsecured Education domain.
  • The gaps in protection offered by Google Workspace, Vault and Takeout.
  • The ways backup and resolutions can save the day (and the data!).
  • Features to look out for to pick the right backup solution.

Interested in learning more about Spanning Backup for Education?

Click Here