Responding to a Cyberattack: A School Guide

Responding to a Cyberattack: A School Guide
Responding to a Cyberattack: A School Guide

Business and Operations//

April 25, 2021

The rate of cyberattacks are on the rise, and schools are not excluded from the target list. According to a 2021 report, schools had 408 publicly disclosed attacks last year—that’s up from 348 in 2019. As we emerge from the COVID-19 pandemic, schools need to ensure they can keep ahead of the ever-evolving threats.

Having general security protections in place is imperative. But attacks can occur even with preventive measures in place.

Responding to a cyberattack promptly is crucial. Educate your teachers, faculty, and staff about what to do should an attack occur. Your Information Technology (IT) team may not be the first to discover the attack, and a delayed response can cause significant damage.

School Cyberattacks: What’s Next?

We often talk about preventing an attack, but what happens if your school falls victim? Consider the following five steps. (But be mindful that this is general advice. Consult with your IT professionals to create an action plan.)

Step 1—Disconnect and Notify

Shut down your internet connection—ethernet cables, WiFi, Bluetooth, and cellular data—as soon as you notice a problem. If your IT isn’t aware of the attack, notify them immediately.

In the meantime, if you are savvy with technology, you can disable remote access, install pending security updates, and change passwords.

Step 2— Delete Nothing

Refrain from deleting data, apps, or programs. Keeping data intact—including backup data—can be critical to investigating the situation.

Step 3—Define the Issue

Understanding how (and where) the attack happened will support you in preventing it in the future. Work with your IT team to determine which server or data may be affected. When explaining the situation, be as specific as possible, identifying websites visited, emails opened, or documents downloaded. Determine if data has been stolen or shared publicly.

Step 4—Report It

Notify your cybersecurity insurance provider as soon as possible. Timing is critical when it comes to cyberattacks, especially if funds have been stolen. Immediate notification can increase the probability of recovering any lost funds and protect your school from a public relations disaster.


webinar

Tune in to ask questions related to this Source article or other topics you've encountered lately.

Visit our NEW Community and start posting.


Step 5—Plan a Response

Depending on what happened, your school may have to share information about the attack with families or the community. Once you assess the situation, determine any legal issues, and then collaborate with your legal, public relations, and communications team to discuss a public response. Having a response in place will allow you to share a report of the situation without delay—leading to a positive outcome from an otherwise negative situation.

A distinctive level of cyber protection.

Cyber Liability Insurance

Education about smart online practices and general cyber-security is key to preventing attacks, but these aren’t the only safeguards your school should use. A cyber-attack could still occur, leaving your school's finances and equipment—not to mention information about your students and your families—at risk. 

Cyber Liability from ISM Insurance helps your school manage your risk by coupling state-of-the-art, preventive cyber-security programs with best-in-class cyber-insurance through policies offered by our A+ carrier partners. We created our programs with schools in mind, tailored to address their unique needs.

LEARN MORE

ism
ism

Upcoming Events

2/25/2025 — 2/27/2025

workshop

Strategic Communications: Understanding and Engaging Your School’s Constituents

Status: Open

Register

1/15/2025 - 12:00pm ET

webinar

Five Things Heads Need to Know About Retiring Well

Status: Open

Register

More Events

  • webinar 1/22/2025 - 3:00pm ET

    Navigating AI Media: Policies, Education, and Protection for K-12 Schools

    Register
  • workshop 3/17/2025 — 3/21/2025

    Student-Centered Scheduling Design

    Register
  • webinar 1/23/2025 - 3:00pm ET

    Building a Culture of Giving and Getting Involved

    Register