Ransomware Readiness: In Schools, Recovery Is the Real Strategy

Raphael Dechief, Information Technology Manager, International School of Brussels

Raphael Dechief, Information Technology Manager, International School of Brussels

When I started in education IT twenty-odd years ago, technology was basically a destination. It lived in "the computer lab"—a room at the end of the hall that was centralized, controlled, and, most importantly, contained. If a server died or a cable was pulled, the damage was localized. You lost a room, but the school kept breathing.

Today, technology isn't a room. It is the classroom.

That shift has completely rewritten the risk equation. A cyber incident isn't an "IT ticket" anymore; it’s a total operational cardiac arrest. It hits learning, safeguarding, payroll, and that fragile sense of trust parents place in us. It’s everything, all at once.

And yet, I still see so many schools chasing the ghost of "perfect prevention."

In my experience, that’s a losing game. Schools are messy, open, and curious by design. We onboard thousands of users, integrate "cool new tools" at breakneck speed, and rely on a tangled web of third-party vendors. Trying to plug every single hole in that ecosystem is like trying to keep a sieve from leaking. It’s not just hard; it’s the wrong goal.

The real goal—the one that actually saves your skin—is designing for recovery.

The "Un-Sophisticated" Reality

We often imagine hackers as hooded geniuses in dark rooms, but the reality is much more mundane. Most of the wreckage I’ve seen in K–12 starts with the same three predictable headaches:

• A tired teacher clicks a phishing link in a 4:00 PM email.

• An old remote access point was left open and "unguarded."

• A vendor we trusted had a bad day.

Since these entry points are so predictable, we need to stop asking "How do we stop them?" and start asking: "When they get in, how fast can we kick them out and get back to teaching?"

The Tool Trap

There’s a temptation to throw money at the problem—to buy another dashboard, another "AI-powered" monitor, or another flashing light. But tools don't create security; they often just create noise and "operational fatigue."

The schools that survive ransomware aren't the ones with the biggest budgets; they’re the ones with the most discipline. They’ve done the boring, unsexy work: locking down administrative privileges, isolating their backups, and making sure their network doesn't let an intruder walk freely from the library to the finance office. Resilience isn't something you buy; it's something you architect.

The 24-Hour Narrative

In a crisis, the first 24 hours determine if you look like a leader or a victim.

Staff and parents don't actually expect you to be unhackable—they know the world we live in. But they do expect you to have a plan. They want to know that you’ve identified your "crown jewels," that your backups aren't just sitting there but actually work, and that you know exactly who is authorized to shut down the network if the ship starts taking on water.

My Advice: Stop Writing Policies, Start Running Drills

The single best thing you can do this year isn't buy a new firewall. It’s running a tabletop exercise.

Twice a year, get the Headteacher, the governors, and the legal team in a room. Simulate a total lockout. Ask the hard questions: Who talks to the press? Do we have the legal authority to pay a ransom? Can we run school tomorrow without the internet? These sessions find the cracks that a PDF policy document never will. They replace "blind optimism" with "rehearsed confidence."

The Bottom Line

Cyber threats aren't going away. Between AI-driven attacks and our deepening dependence on the cloud, "perfection" is a fantasy.

But resilience is sustainable. If you can recover quickly, keep the kids safe, and communicate with total clarity, you’ve won. In education, our job is simple, even if it isn't easy: protect the learning, especially when something breaks.