How can schools stay safe in the age of digital learning and ransomware?

digital learning and ransomware, student data
© Sarayuth Punnasuriyaporn

Rick Vanover, Senior Director of Product Strategy at Veeam, discusses the urgency of protecting schools in the days of digital learning and ransomware

Whether you are a teacher, parent, IT professional or student, you will have witnessed the extraordinary transition the education sector has recently undergone. Despite our schools having already facilitated distance, digital and remote learning for some years now, there is no doubt that the global lockdown has acted as a catalyst for further rapid and momentous change.

As our systems continue to evolve, it is crucial that our data security strategy advances at the same speed, but this is often easier said than done. For education institutions to meet the ongoing demands of learning in the digital age, they must ensure they have watertight protection of sensitive data against one of the most common forms of attack, ransomware.

Unfortunately, ransomware incidents are growing rapidly and posing a very serious threat to education institutions in the UK. So much so that the National Cyber Security Centre (NCSC) recently issued an alert to the country’s universities urging their IT and management teams to refortify their digital infrastructures following a spate of attacks on a number of leading universities.

In these attacks, data collected on students, staff and teachers – which can be highly personal or sensitive – such as student performance data, demographic characteristics or responses to surveys, can all be obtained by hackers. This data is attractive to malicious entities because they understand the impact a data breach could have on an institution’s reputation, and so therefore see a better chance of securing a ransom for their crime.

By taking proactive as opposed to reactive precautions, this face-off might never be necessary. IT teams within schools should consider a data protection strategy on a foundation of education, implementation and remediation to be impermeable from the word go.

Understanding the risks of digital learning and ransomware

The journey of understanding starts after the threat actors are identified. Remote desktop protocol (RDP) or other remote access tools, phish and software updates are the three main mechanisms for entry. Knowing this could help your institution focus its investment strategically, enabling maximum resilience against ransomware from an attack vector perspective.

Most IT administrators use RDP for their daily work, with many RDP servers still directly connected on the internet. As a result, over half of ransomware attacks currently use RDP as an entry pathway. Those not accessing via RDP may instead choose phish mail as their method of choice. It is also essential to regularly update critical categories of IT assets such as operating systems, applications, databases and device firmware. Extend this thorough approach to data centres, too, as they can be just as susceptible to attack as the data housed on-site.


When it comes to a ransomware attack, its resiliency hinges on how the backup solution is implemented, the behaviour of the threat and the course of remediation. As an important part of ransomware resiliency, implementation of backup infrastructure is a critical step. The Veeam Freedom of Information Report 2020 found that four-out-of-five UK universities (80%) do conduct regular tests on their data backup systems, which is encouraging.

Backup repositories are an essential storage resource when it comes to ransomware resiliency, so it is recommended that access to those within the organisation is not permitted. Insiders having the permissions to access this data could lead to potential leaks outside of the organisation, so it is recommended that these responsibilities are managed by a third party, where possible.


Despite ensuring your institution is educated around the threats of ransomware and implements the correct techniques accordingly, you should always be prepared to remediate a threat where necessary.

If you do suffer an attack, your next steps to remediating ransomware are:

  • Do not pay the ransom.
  • The only option is to restore data.

One of the hardest parts of recovering from a hack is decision authority. Make sure you have a clear protocol in place that establishes who will make the call to restore or to fail over your data in the event of a disaster. Within these business discussions, agree on a list of security, incident response and identity management contacts that you can call on if needed. When a breach happens, time is of the essence, so you will thank yourself for having prepared in advance.

Much like you would invest in insurance for your home, you should consider backup an investment in the same vein. It is something you hope never to need, but if the worst happens, your institution is protected, and your staff and students’ data is safe. By properly educating your colleagues on the risks, implementing the appropriate infrastructure and having the appropriate remediation protocols in place, you will not only increase your resiliency against ransomware attacks but also avoid data loss, financial costs or reputation damage to your school.

Here you can download the Veeam Freedom of Information Report 2020.


Please enter your comment!
Please enter your name here