Essential BCDR for Schools for Fall 2020 and Beyond
COVID-19 pandemic—not just in terms of the coronavirus outbreak, but also from the onslaught of cyberattacks on colleges, universities and K-12 school systems.
For many schools, “returning to class” will mean resuming distance learning, using a patchwork of applications and remote learning systems that are often unsecure and vulnerable to attack by cyber-criminals. With cyberattacks occurring 4x as often during the pandemic, it’s inevitable that schools will remain a top target this fall.
Implementing robust solutions for BCDR for schools should be a top priority for administrators, regardless of what their learning environments look like this fall.
The risks of data loss in schools
In previous posts, we’ve underscored the importance of business continuity in education. But what exactly are the risks, especially now in the context of COVID-19?
Worst-case scenario: a cyberattack could take down your entire school system, leaving educators and students stranded without access to grades, files or learning tools for weeks. And in the process, it would negate all the other efforts and time put into the safe reopening of schools.
But it doesn’t have to take a widespread cyberattack to wreak havoc on a school. Almost any data-loss scenario has the potential to upend the semester, creating costly challenges for administrators.
Example disaster scenarios
What exactly does data loss look like in education? Here are just a few examples of what can go wrong:
- A ransomware attack can encrypt data across all school servers and devices. This can take down school email systems, websites, learning portals and make applications unusable across the entire network.
- Ransomware can also destroy vital data in any department: student records, grades, accounting data, human resources files and so on. In a university, this could mean losing admissions records, digital transcripts and financial aid files. It could lock up communications systems, security tools and systems within a medical university’s hospitals and doctors’ offices.
- Phishing schemes could deceive school staff or students who are using unfamiliar applications. This could result in sign-in credentials being compromised, and in turn, hackers could gain access to other critical school systems for the purposes of data theft or malware delivery.
- On a smaller level, even the loss of a single critical file can cause headaches for school administrators and the IT teams that support them. For example, if an administrator accidentally deletes an important spreadsheet, it eats up valuable IT resources and can take hours or days to recover, especially when there’s no reliable BCDR systems in place.
- School-provided devices tend to be even more vulnerable to malware and data loss, because they’re not always configured with the same security as other devices on the school network. If students inadvertently download malware, the devices could require replacement, increasing costs even further and putting added stress on IT teams.
- On college campus networks, the risk of malware and other data-destroying threats is always present in email, malicious websites and portable flash drives that students use to transfer files between campus devices. These threats were already challenges prior to the pandemic, and they could be even worse this fall as schools face shortages in IT staff (and shrinking revenues).
The precedent has already been set
You don’t have to look far for proof that schools are already a target.
- Last year, more than 1,000 U.S. public and private schools, across 72 districts, were hit by ransomware.
- In the first quarter of 2020, an additional 17 school districts and U.S. colleges (encompassing nearly 300 school buildings) were victims of ransomware. Several of the school systems lost total access to their networks, files and communications systems.
- Colleges are also increasingly being hit with cyber-extortion, in which hackers steal sensitive data and demand cash to keep them from posting it publicly. Three colleges faced such attacks in just the last few weeks: Michigan State University, UC San Francisco and Columbia College Chicago.
The need for quick recovery
Today’s best BCDR for schools can help ensure a fast recovery to these events and others, significantly minimizing the impact.
A quick recovery means schools can rapidly restore lost data and resume operations with hardly a flinch. So, whether it’s a single missing file or widespread ransomware attack, schools have backups they can depend on to maintain continuity.
With the Fall 2020 semester just weeks away, colleges and K-12 schools should be deploying better BCDR technologies now, before disruptions occur.
What’s the best BCDR for schools?
Since not all BCDR for schools provide the same level of protection, it’s important to choose an adequate system for your institution. Further below, we outline some of the key features to look for, but there are some fundamental capabilities that every school should consider.
Most important is that schools must be able to back up their entire computing environment, multiple times a day. If some devices or virtual servers aren’t being protected, then you risk losing huge swaths of data when a disaster occurs. Backups should be tested regularly to ensure they’re viable. And they must be recoverable via a variety of methods, depending on the nature of the incident.
It’s imperative that recovery is fast and reliable. Every hour that schools go without their data, the costs continue to rack up.
Business continuity and disaster recovery
BCDR for schools must provide the same high levels of protection that the business world relies on.
After all, today’s school districts and colleges can have hundreds of staff – not to mention thousands of students and annual budgets in the millions of dollars. This is on par with a mid- to large-size company. So the data protection should be no less robust.
It’s the role of IT to ensure that no system or data is left unprotected. No department should be using a lightweight backup tool or file-sharing app for the purposes of data protection. All backup processes, across the school, should be handled by a robust business continuity and disaster recovery solution.
A stronger backup strategy for education
How schools store their backups has never been more important.
One of the reasons that schools have trouble recovering from ransomware attacks is that the backups are compromised in the attack, or the backups fail during recovery due to corrupted data.
Schools can eliminate these risks by transitioning to newer BCDR solutions that significantly improve backup resilience and availability. For example, the Datto SIRIS uses Inverse Chain Technology to create image-based backups that store every recovery point in a fully constructed state (without ever having to reset the backup chain, where problems traditionally occur in older BCDR systems).
In addition to more resilient backups, this process also results in greater efficiency and enables a backup frequency of every 5 minutes. That frequency is critical for schools to be able to protect their data around the clock.
Leveraging the cloud for added protection
Where backups are stored is just as important.
If backups are kept only on local devices, then they’re vulnerable to being destroyed in a fire, natural disaster or any event in which the on-premise infrastructure is physically compromised.
A better solution is a hybrid approach. This employs a dedicated on-site backup device, such as the Datto SIRIS, with the added protection of replicated backups in the cloud. The cloud backups provide added protection in case of an on-site disaster, while also enabling data to be restored from anywhere (an added bonus if IT teams are working remotely).
Protection for physical, virtual and cloud infrastructure
Schools’ computing environments look a lot different than they did just a decade or two ago. So why haven’t schools updated their BCDR systems too?
The latest backup solutions can protect nearly any operating system, no matter where it is or how it’s deployed. This is another area where the Datto SIRIS excels. It can be deployed as an appliance, imaged, or virtual system, and it can protect any physical, virtual and cloud infrastructure running on Windows, Mac or Linux.
So, for example, if the college’s art department uses Macs, and the financial aid department uses Windows, and the off-site research facility uses Citrix for remote desktop virtualization, it’s all protected by the same backup system.
Restore options for any scenario
Data loss can take many forms, and each type requires its own recovery option. For example, you should not need to restore an entire backup just to retrieve one lost file. On the flip side, if an entire protected machine is suddenly failing, you need full recovery options, like bare metal restores or hypervisors for virtual machines.
BCDR for schools need to have restore options for every possible disaster. Newer capabilities, like Datto’s Rapid Rollback, even allow you to undo widespread file changes (such as those caused by a ransomware attack) without restoring the full backup or performing a bare metal restore.
Datto also offers backup virtualization (on-site and in the cloud), allowing you to boot the backup as a virtual machine. This provides instant access to protected data and applications, so teams can continue critical functions, from anywhere.
In COVID times and beyond, this is the kind of protection that colleges, universities and K-12 school systems need to ensure continuity through the worst possible disasters.
Request a Free Demo
For more information on protecting your school with Datto’s hybrid cloud BC/DR solutions, request a free demo or contact our disaster recovery experts at Invenio IT. Call us at (646) 395-1170 or email success@invenioIT.com.