You did what you could to protect your school, but cybercriminals found an unlocked door.
Cyberattacks happen, and they happen to a lot of schools. So you’re not alone. In 2018, there were 122 publicly reported cybersecurity incidents at schools—and that doesn’t take into account the breaches that didn’t get reported.
If you respond quickly and effectively, though, you can minimize damage to systems, data and stakeholder confidence. Your first move should be to implement your incident response plan (IRP). If you don’t have an IRP, work with an IT security professional to create one. The plan should include the following steps, at minimum:
- Block the method of attack. For example, do you have a number of semi-legitimate-looking emails going around with .ZIP files attached that contain malware? You need to let staff know they should stop opening these emails while simultaneously making sure your systems administrators are blocking the spread of the email. If you have a data leak, however, you probably don’t want to send a mass communication to the whole school system until you better understand what was leaked and to whom.
- Document key points about the breach—including the type of breach, what systems were affected, the type of data compromised, and the scope of the attack. You can’t over-document an incident like this. Collect as much information as you can so that you can understand what happened and respond appropriately.
- Report the breach to your school’s cyber insurance provider. Don’t have cyber insurance? Ask your IT security team to walk you through selecting a broker. (A managed services provider like Vartek can help you through this.)
- Report the breach to your school’s attorney. You need to determine if the type of breach you’re dealing with requires you to hire a third-party forensic investigator.
- Communicate strategically. Sounding the alarm too soon might cause overreaction, but not sounding it soon enough could make it look like you’re not being transparent. Consult your school’s communications director, who will help you deliver the right message to the right audience at the right time.
Once your plan is in motion, see the attack as a learning opportunity. Look for ways to improve your systems, policies, and behaviors to reduce the chances of a repeat offense. Here are some best practices other cyberattack victims have already learned:
- Have multiple weeks’ worth of backups. This will allow you to restore files from a version created before the malware hit, since the malware itself may have been unknowingly backed up, too.
- Fortify your systems regularly. Keeping your software and hardware as current as possible won’t keep all the bad actors out, but it will at least prevent those who do get in from getting in too far before they’re caught.
- Train your staff and students to be even more aware and more cautious. Make sure they understand that cyberthieves are becoming more sophisticated and are more likely to con their way through the front door than they are to bust it down.
A strategic IT partner can be one of your best companions in cyberspace. If you want more information about how to prevent or at least rebound from a cyberattack, call Vartek at 800-954-2524 or email firstname.lastname@example.org.