Responding to a Cyberattack: A School Guide

Responding to a Cyberattack: A School Guide
Responding to a Cyberattack: A School Guide

Business and Operations

The rate of cyberattacks are on the rise, and schools are not excluded from the target list. According to a 2021 report, schools had 408 publicly disclosed attacks last year—that’s up from 348 in 2019. As we emerge from the COVID-19 pandemic, schools need to ensure they can keep ahead of the ever-evolving threats.

Having general security protections in place is imperative. But attacks can occur even with preventive measures in place.

Responding to a cyberattack promptly is crucial. Educate your teachers, faculty, and staff about what to do should an attack occur. Your Information Technology (IT) team may not be the first to discover the attack, and a delayed response can cause significant damage.

School Cyberattacks: What’s Next?

We often talk about preventing an attack, but what happens if your school falls victim? Consider the following five steps. (But be mindful that this is general advice. Consult with your IT professionals to create an action plan.)

Step 1—Disconnect and Notify

Shut down your internet connection—ethernet cables, WiFi, Bluetooth, and cellular data—as soon as you notice a problem. If your IT isn’t aware of the attack, notify them immediately.

In the meantime, if you are savvy with technology, you can disable remote access, install pending security updates, and change passwords.

Step 2— Delete Nothing

Refrain from deleting data, apps, or programs. Keeping data intact—including backup data—can be critical to investigating the situation.

Step 3—Define the Issue

Understanding how (and where) the attack happened will support you in preventing it in the future. Work with your IT team to determine which server or data may be affected. When explaining the situation, be as specific as possible, identifying websites visited, emails opened, or documents downloaded. Determine if data has been stolen or shared publicly.

Step 4—Report It

Notify your cybersecurity insurance provider as soon as possible. Timing is critical when it comes to cyberattacks, especially if funds have been stolen. Immediate notification can increase the probability of recovering any lost funds and protect your school from a public relations disaster.


Tune in to ask questions related to this Source article or other topics you've encountered lately.

Visit our NEW Community and start posting.

Step 5—Plan a Response

Depending on what happened, your school may have to share information about the attack with families or the community. Once you assess the situation, determine any legal issues, and then collaborate with your legal, public relations, and communications team to discuss a public response. Having a response in place will allow you to share a report of the situation without delay—leading to a positive outcome from an otherwise negative situation.

Find your school's vulnerabilities—cyberattacks are on the rise

Protect your students and your school with ISM Insurance!

Cyberattacks can happen at any time to any school—including email phishing, ransomware, denial of service attacks, data breaches, social engineering, wire fraud, and technology failures. Discover how to protect your school from cyberrisk and minimize the impact it can have on your operations. Partner with ISM and the best insurance carriers to protect your school from cyberattacks.

To learn more, email or call 302-656-4944.


Upcoming Events

6/22/2021 — 6/24/2021


Strategic Financial Planning: A Comprehensive Approach

Status: Open


7/20/2021 — 7/22/2021


Virtual Advancement Summit

Status: Open


More Events

  • workshop 6/21/2021 — 6/25/2021

    Chairing Your Department: The First Five Years

  • workshop 6/28/2021 — 6/30/2021

    Mastering Enrollment Management in a Post-COVID-19 World

  • workshop 7/12/2021 — 7/15/2021

    High-Performing Teams: Managing Up, Down, and Sideways