**RansomCare** Education
Case Study | Winchester College
Winchester College already had a strong cybersecurity infrastructure in place, but still felt vulnerable if that defence was broken. It was looking for a low-cost, easy-to-use, but also effective system and so it turned to Ricoh and its RansomCare solution.
Name
Winchester College
Location
Winchester, Hampshire
Size
704 pupils, 400+ teaching & support staff
Activity
Education
Challenges
Solution
Benefits
It was in 1382, shortly before Chaucer wrote The Canterbury Tales, that William of Wykeham, Bishop of Winchester, founded Winchester College. Some 600 years later, it is a thriving independent boarding school for boys located on a single, multi-building site in Winchester.
In the education sector, safeguarding and protecting pupils is one of the most important duties of a school. But it has become harder as institutions rely more and more on technology and the Internet to deliver learning. At Winchester College there are around 1,000 users of IT devices. Pupils and teachers are given a Microsoft Surface tablet and Office 365 accounts to support learning. In addition, each pupil is allowed to have up to five of their own mobile devices. Supporting that environment is a fibre optic and wireless network with around 500 access points few of which are physical connections.
Lawrence Beech, Director of IT at the school, says, “We are proud of what we have achieved in terms of developing a progressive digital environment for our learners.”
Ensuring that environment is open and easy to use, but also secure is a challenge. The school protects it with next generation firewalls and several robust anti-virus and security systems. But being a boarding school adds another layer of complexity.
Beech says, “In effect, we are in loco parentis to our pupils because the boys board at Winchester College, so it is both school and home for them. As well as using their tablets for learning and things like homework in the evenings, they also need to use mobiles and laptops and the Internet to communicate with family.” While the school is 24/7, its IT team is not and it is late at night or weekends that most security threats occur.
The school had been looking at what it could do to make the school even more secure especially against ransomware attack.
“Most security applications at the time were about perimeter defence and stopping the bad actors at the door,” says Beech. “If I look at large corporations that spend millions on cybersecurity and get breached it tells you it is a question of when, not if. We can’t spend millions on perimeter defences that we know are going to be breached. We take every precaution we can, but what do we do when we are breached? How do we manage and prepare for that event?”
The question facing Beech was finding a reasonable and affordable way to deliver robust security for the school. “What kept me awake at night was how quickly could we identify an issue and how quickly could we deal with it. I was worried that several incidents in the education sector showed they were not prepared, and it took a long time to recover. Calling in a security team to deal with something post-event felt wrong, so putting effort into prevention would be better.”
Winchester College decided to deploy Ricoh’s ransomware solution, RansomCare based on BullWall software. The decision was influenced by the fact that RansomCare showed it could work effectively and that it offers a reasonable cost balance for the school. Beech says, “At the time there weren’t many alternatives. There were some high-end, expensive products that do a similar thing to RansomCare, but they were not a good fit for a normal enterprise like our school. Another important feature of RansomCare is ease of use and ease of implementation.”
Oliver Webb, Head of Infrastructure, at Winchester College, adds, “RansomCare offers protection at a different stage of the attack. It was the only product we found that could stop an attack in progress, detect it and shut it down.”
Implementation proved to be very quick and simple. It took just two hours to install on the school’s server and put the application into learning mode so that it could understand how systems and files were used to determine what would or would not be abnormal behaviour. Within two weeks RansomCare was in full production. It is protecting all the on-premise files and systems and will shortly be deployed
to other applications such as SharePoint. “One thing I like about RansomCare is you only have to set it up on a single server and not on server clients, programmes or policies on end-user devices,” says Webb.
Since installation, RansomCare has found a few instances that it thought unusual and has shut down one or two users. But these have been false alarms. For example, someone received a legitimate encrypted email and saved it onto a shared file server.
Ricoh support has been impressive. In one instance, there was an anomaly at 5pm one Friday evening that the school was not sure about. Within half an hour, the school was on a Teams call with Ricoh and the chief technology officer of BullWall helping deal with the issue which was a false alarm.
Besides its impact on lockdown challenges, the Ricoh solution and service has been a key part of helping the business make store backroom operations more efficient, productive and cost effective.
Beech says, “The benefit of something like RansomCare is difficult to articulate because we never want an attack, but if we do it will be worth its weight in gold. Thankfully, it has not happened yet. But we have had other events which have taught us behavioural issues like how people are managing files and data which helps us understand our business better. Ultimately, it is the reassurance that means you can go to bed at night and sleep a little easier.”
Ricoh Solution/Products
RansomCare
BullWall software
Webb says, “It is the peace of mind that RansomCare gives you. You can go home at 5pm, knowing that RansomCare is there and if something happens it will take care of it. We know we’ve got good perimeter security and if there’s a breach, we’ve got a last line of defence that will step in much faster than we ever could, determine who it is, what is happening and stop it.”
RansomCare is showing up things – albeit false alarms - that the school’s IT did not know about before and learning more about how files and applications are used. This is helping to make systems more efficient and secure. When analysing an incident, RansomCare provides a useful flowchart to show the process and lifecycle of the incident to aid further prevention and detection. This means that false alarms and legitimate activity can be investigated and listed so it does not cause an alert or shutdown in future. Another benefit is automatic GDPR reports that can be produced as auditable evidence if there is an attack.
Ricoh is empowering digital workplaces using innovative technologies and services that enable individuals to work smarter from anywhere.
With cultivated knowledge and organizational capabilities nurtured over its 85-years history, Ricoh is a leading provider of digital services and information management, and print and imaging solutions designed to support digital transformation and optimize business performance.
Headquartered in Tokyo, Ricoh Group has major operations throughout the world and its products and services now reach customers in approximately 200 countries and regions. In the financial year ended March 2021, Ricoh Group had worldwide sales of 1,682 billion yen (approx. 15.1 billion USD).
For further information, please visit www.ricoh.co.uk