Lego stormtrooper crossing the desert representing data backup

How to comply with DfE ransomware guidelines and backup your data

Posted by XTECH

Following the announcements from The Department of Education earlier this year urging schools to confirm they have ramped up protection for their systems and data due to numerous rounds of targeted ransomware attacks. XTECH went to market to find a true cloud-based solution that was easy to maintain and cost-effective for our customers. It was vital that we found a vendor who understood the current dangers and had a high level of pedigree within the education sector.

Following a sharp increase in attacks on schools and colleges since February, leading to the loss of financial records, student coursework and Covid-19 testing data, the DfE once again wrote to heads, this time seeking confirmation that adequate security measures are in place. 

So what is the DfE saying?

Jon Gilbert, Chief Information Security Officer for the DfE, is now asking UK education establishments to confirm they are taking action to protect their systems and ensure that they have both a backup regime and incident management plan in place.

He wrote: "We have been working closely with the National Cyber Security Centre (NCSC) and have been made aware of an increasing number of cyber-attacks involving ransomware infections affecting the education sector recently, notably multi-academy trusts.  

The financial motivation behind ransomware

"These incidents appear to be financially driven but opportunistic, taking advantage of system weaknesses such as unpatched software, poor authentication systems or the susceptibility of users to misdirection.

"It is important that as heads of multi-academy trusts you understand the nature of the threat and the potential for ransomware to cause considerable damage to your institutions in terms of lost data and access to critical services, as highlighted in the NCSC Alert." 

The increase in attacks comes at a time when schools are being asked to rely heavily on technology, carry out additional reporting and change the nature of examinations.  

In the most recent DfE notification, schools are urged to confirm with their IT team or provider that: 

  1. They are backing up the right data – including Covid-19 testing information, associated data, and data relating to exams alongside other key elements.  
  2. Backups are held fully offline and not connected to systems or in cold storage 
  3. Tests are carried out to ensure backups and restore services are working and data can be recovered  

The Redstor backup solution

To combat this spike in malicious malware, the NCSC recommends a 'defence-in-depth approach' and above all urges organisations to have 'up-to-date and tested offline backups', and this is where XTECH's relationship with Redstor comes into play...

So going back to the start, who have we chosen to work with to provide our Educational customers with peace of mind that their data is protected to DfE recommendations? Well, with over half of all schools data in the UK protected by them and the fact they work closely with UK law enforcement to improve cyber resiliency, it just had to be Redstor.

Check out our exciting partnership launch, but in the meantime, please download the 'Backup for Education: the view from the DfE' whitepaper to find out more.