Key Finding 1: Prioritize actionable steps to reduce cybersecurity risks (part 2)
In this unit, you continue to work with your cybersecurity team to prioritize steps such as performing and testing backups and minimizing exposure to common attacks.
Perform and test backups
Ransomware attacks deliberately encrypt or erase data and systems to force your school or district to pay a ransom. The financial and reputational consequences of ransomware incidents, which cause initial disruption and sometimes prolonged recovery, underline the importance of taking proactive steps such as implementing comprehensive backups. All operations systems should be backed up regularly, at least once per year.
Performing regular backups and testing them periodically is a crucial cybersecurity practice in K-12 schools, ensuring the preservation and availability of critical data in the event of a security breach or system failure. Regular backups create copies of important data and store them separately from the primary systems. By regularly backing up your school's systems and data, you effectively mitigate the risks associated with data loss, enabling swift recovery and uninterrupted educational operations.
Explore Microsoft solutions that work seamlessly to back up data across your school or district.
- Syntex Archive preserves the state of your cloud—across Syntex, SharePoint, OneDrive, and Exchange—so that you can get back to information from the last quarter, the last month, or the last decade with ease, keeping your backup stored conveniently in the Microsoft Cloud.
- OneDrive Backup automatically syncs your desktop, documents, and pictures folders on your Windows PC to your OneDrive. Your files and folders stay protected and are available from any device.
- Microsoft Azure Backup is a secure, one-click backup solution that is scalable based on your backup storage needs. This tool makes it easy to define backup policies and protect a wide range of data assets in your school or district.
Next steps
- Create offline backups: It’s important that backups be maintained offline, as many ransomware variants attempt to find and delete any accessible backups. Maintaining offline, current backups is most critical because there's no need to pay a ransom for data that is readily accessible to your organization.
- Maintain gold images: Maintain regularly updated “gold images” of critical systems in the event they need to be rebuilt. This entails maintaining image “templates” that include a preconfigured operating system and associated software applications that can be quickly deployed to rebuild a system, such as a virtual machine or server.
- Retain backup hardware: Retain backup hardware to rebuild systems if rebuilding the primary system isn’t preferred. Hardware that is newer or older than the primary system can present installation or compatibility hurdles when rebuilding from images.
- Make source code available: In addition to system images, applicable source code or executables should be available (stored with backups, held in escrow, or obtainable under a license agreement). It’s more efficient to rebuild from system images, but some images won’t install correctly on different hardware or platforms; having separate access to the needed software helps in these cases.
Minimize exposure to common attacks
Reducing online exposure and vulnerable points of entry is crucial to securing the digital ecosystem within K-12 schools. It involves implementing basic cybersecurity measures to mitigate the risks of unauthorized access, data breaches, and other malicious activities.
In addition to safeguarding the privacy and personal information of students and staff, maintaining good cyber hygiene in schools helps prevent disruptions in the learning process. By minimizing the risk of malware, phishing attacks, or other cyber threats, schools can ensure that students can access educational resources and platforms without interruptions, promoting a conducive learning environment.
Minimizing exposure to common attacks begins with a comprehensive line of defense to monitor, detect, and mitigate potential threats, such as Microsoft 365 Defender, which is included in Microsoft 365 A5 licenses. This solution protects all Office 365 applications against advanced threats. It also includes resources that enable districts to address cybersecurity risks from ransomware, malware, phishing, and compromised credentials.
Next steps
Develop and enforce policies for common points of attack. While cyber attackers can exploit any public data, there are several exposure gaps that CISA recommends school leaders address first, such as unauthorized devices, remote desktops, internet software services, and public internet.
Implement effective cyber hygiene, or practices and precautions that staff and students can take to maintain their online security and protect themselves from cyber threats. Microsoft recommends a few basic hygiene practices to keep school environments protected and keep data safe:
- Utilize anti-malware
- Apply least privilege access
- Enable multifactor authentication
- Keep versions up to date
- Protect data
CISA recommends that schools get their Stuff Off Search (S.O.S.) to reduce their exposure and visibility to anyone on web-based search platforms. Explore links from their collection of resources designed to help school leaders remove information and devices from public search results.