
Protect Your Network with Data Backups


Why Backups?

In March 2023, computer hackers burrowed into the Minneapolis Public Schools network, stole sensitive data, and demanded a $1 million ransom. When district administrators refused to pay, criminals dumped the data onto the dark web. The 300,000 stolen files included sensitive information such as student medical records and discrimination complaints.

Ransomware attacks like the one in Minneapolis are increasingly common and costly. Your district can avoid a similar fate if you invest in strong data backups.

Ransomware Statistics

According to Sophos’ State of Ransomware 2023:

  • 80% of K-12 schools and 79% of colleges reported ransomware attacks in the past year, up from 56% and 64% in 2022.
  • The average (mean) ransom payment nearly doubled from $812,380 in 2022 to $1,542,333 in 2023.
  • Organizations reported an estimated mean cost of $1,820,000 to recover from ransomware attacks. That number doesn't include ransom payments.
  • 70% of organizations that got their data back after suffering a ransomware attack relied on network backups.

Bird’s-Eye View of Data Backups

For a deep dive into data backup and recovery best practices, Fund members with Cybersecurity coverage can watch our on-demand webinar. As a primer, here are five things you need to know:

1. Benefits Outweigh Costs

Vendor services, staff time, additional network bandwidth, and equipment costs are a few of the expenses that come with backing up your network. Still, Athens ISD administrators know your investment will pay dividends if cybercriminals come calling.

In 2020, a ransomware attack froze the district’s servers, including multiple backups. Access to teacher communications, student schedules, grades, and assignments was blocked. Fortunately, staff found an uncorrupted cloud backup, and the district avoided paying a ransom.

2. Follow the 3-2-1 Rule

When planning your data backup strategy, you have options. Each comes with pros and cons. For example, on-site backups protect your data against attacks on vendors you do business with. On the flip side, your backups could be damaged during local disasters such as floods and fires.

Your organization’s size, IT staff expertise, internet bandwidth, and budget are just a few factors you should consider when investing in backups. Whichever options you choose, follow the 3-2-1 rule: 

  • 3 - Maintain three network copies.
  • 2 - On two media formats (local drive, tape, cloud).
  • 1 - Keep at least one off-site copy.

3. Practice Makes Perfect

Even the best backups won’t do you much good if you can’t call them into action during a ransomware attack. That's why you should routinely test your data backups. You can buy software that automates testing and notifies your IT department whether the data is valid. We also recommend running drills at least once a year to practice verifying backup integrity and restoring your network.
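As an added illustration (not part of the original article or any Fund tool), the example below shows what an automated backup test can check: each copy is hashed against a manifest recorded at backup time, and only copies that verify cleanly count toward the 3-2-1 rule. The inventory fields, the directory layout, and the sample files are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in 1 MiB chunks so large backup files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(1 << 20):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path relative to root (a pathlib.Path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(root, manifest):
    """Compare one backup copy with the manifest taken at backup time."""
    now = build_manifest(root)
    return {"missing": sorted(set(manifest) - set(now)),
            "corrupt": sorted(k for k in manifest if k in now and now[k] != manifest[k]),
            "unexpected": sorted(set(now) - set(manifest))}

def check_321(copies):
    """Apply the 3-2-1 rule, counting only copies that verified cleanly."""
    good = [c for c in copies if not any(c["problems"].values())]
    return {"three_copies": len(good) >= 3,
            "two_media": len({c["media"] for c in good}) >= 2,
            "one_offsite": any(c["offsite"] for c in good)}

def demo():  # constructed drill: three copies in temp dirs, one damaged later
    files = {"grades.csv": b"id,grade\n1,A\n", "schedules/fall.txt": b"period 1\n"}
    layout = [("local", "disk", False), ("tape", "tape", False), ("cloud", "cloud", True)]
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for name, media, offsite in layout:
            root = Path(tmp) / name
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
            copies.append({"name": name, "root": root, "media": media, "offsite": offsite})
        manifest = build_manifest(copies[0]["root"])  # store apart from the backups
        (copies[2]["root"] / "grades.csv").write_bytes(b"\x00garbled\x00")
        for c in copies:
            c["problems"] = verify_copy(c["root"], manifest)
        return copies, check_321(copies)

if __name__ == "__main__":
    print(demo()[1])
```

In the constructed drill the only off-site copy is the one that fails verification, so the inventory still lists three copies but the check reports that both the three-copy and off-site requirements are unmet.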

4. Data Backups are a Coverage Consideration

As part of a self-insured risk pool, Fund members are stronger together. Every member shares responsibility for protecting the Fund’s long-term financial stability. With that in mind, if members want to increase their cyber coverage limits, our underwriters want to know whether they follow four basic cybersecurity best practices. One of them is, you guessed it, network backups.

5. You Need a Comprehensive Strategy

Data backups should be one cog in your strategy to defend against not only ransomware attacks but all forms of cybercrime. Promote these best practices among your team:

  • Avoid untrusted links/attachments.
  • Only download from trusted sites.
  • Protect personal information.
  • Don’t use unknown USBs.
  • Allow security patches to run, even during extended breaks.
  • Steer clear of unsecured Wi-Fi.

Next Steps

The increasing frequency and severity of cybercrime against schools is driving coverage costs up. The Fund is here to help you protect your data and navigate the market. Any school can benefit from our cybersecurity Insights. Fund members with cybersecurity coverage benefit from training and consultation services, this guide to data backups, and this on-demand webinar.

Lucas Anderson
Privacy and Cyber Risk Consultant

Lucas Anderson joined TASB Risk Management Services in 2019, bringing more than a decade of experience in cybersecurity, network administration, and information technology. He advises districts on preemptive mitigation against ongoing and emerging cybercriminal threats targeting the education sector, as well as cybersecurity-related regulatory compliance. 

Over his career, Anderson has supported public and private organizations, including Booz Allen Hamilton, the White House Office of Management and Budget, the Department of Defense, and the Texas Association of Counties. 
