Ensuring your backups are ransomware-free and DfE compliant in time for the summer holidays
As schools and organisations try to put the mainstay of disruption from the COVID pandemic behind
them, one aspect that cannot be forgotten is cyber-security, despite any new challenges that are
being faced.
When rapid changes to daily operations were made to accommodate remote working, teaching, and
learning, cyber-criminals sat up and paid attention.
In the last 18 months, there has been a drastic increase in malicious (ransomware) attacks that utilise
COVID-based messaging to lure unwitting victims into a breach. In addition, understanding that
remote users are often less able to access technical support and are likely to have weakened cyber-
security at home, has only made hackers increase the number of attacks they are attempting.
A hack, malware or ransomware attack might be very expensive and dangerous for schools,
therefore maintaining high levels of cyber security should be a top concern. However, budget issues
still exist, so solutions must be dependable and cost-effective.
What has the DfE said about ransomware?
The Department for Education, The National Cyber Security Centre (NCSC) and local and regional
cyber-units of the Police, all recommend that a ransom should never be paid.
This puts an onus on schools to be able to recover data from a ransomware infection in some other
way, most commonly from a secure backup.
However, not all backup solutions are completely secure against ransomware. As cyber-criminals
look to improve their chances of a ransom payment, there have been multiple ‘strains’ of
ransomware identified, that actively target network-attached backups.
Backups need to be ‘offline’ to be an effective recovery option against ransomware; An offline
backup is only connected to a live network when absolutely necessary, such as when a backup is in
progress. The backed-up data is then stored separately from the live network.
In addition to being offline, backups that protect against the effects of ransomware by offering a
suitable recovery option should also be immutable.
An immutable backup is one which cannot be altered following its completion. This ensures the
backed-up data cannot be infected by ransomware, and the backed-up data cannot be deleted,
maliciously or accidentally.
A ‘defence in depth’ approach
Additional guidance from the NCSC on mitigating malware and ransomware attacks, which can be
found on their website, helps private and public sector organisations deal with the effects and also
outlines steps to take if the organisation is already infected.
Amongst this guidance, it is advised that organisations should take a defence-in-depth approach,
ensuring layers of resiliency against ransomware.
It is also stated that organisations should “scan backups for malware before you restore files.
Ransomware may have infiltrated your network over a period of time, and replicated to backups
before being discovered.”
How are Transparent Communications helping schools stay ransomware free?
Transparent Communication’s backup and recovery solution, which is underpinned by Redstor, is
compliant with DfE guidance for staying protected against ransomware and backed by over 20 years
of experience.
Redstor’s backup service for schools, often referred to as RBUSS, enables schools to protect all of
their vital data whether stored on-site or in the cloud from a single application. Data is securely
stored in two resilient, UK-based data centres with immutability built-in as standard and thanks to
InstantData™, data can be rapidly recovered on-demand whether for testing purposes or in a
disaster scenario.
AI-driven malware detection within the solution enables schools to detect and remove malicious
files from within backups, helping with compliance and ensuring a clean recovery can take place
when needed.
Get set up in time for the summer holidays
With the summer break fast approaching, there is no better time to review your existing backup and
recovery regime and ensure you are protected from ransomware.
If you are unsure you are meeting the latest guidelines from the DfE and NCSC, not sure you’d be
able to recover in the event of ransomware or think it’s just time for a change, we’d welcome a
conversation.
Reach out to the team to organise a chat, see a demo, and try Redstor for yourself with a no-
obligations 14-day trial.