We Need You to Fight Ransomware in K12 Schools We Need You to Fight Ransomware in K12 Schools

We Need You to Fight Ransomware in K12 Schools

by Mike Bianco
Mike Bianco Mike Bianco Vice President of Information Security, CISSP
Read time:

Editor's note: This post first appeared at Emerging Edtech.

No one wants to imagine the headlines and aftermath of a ransomware attack. However, preparing for such an event is crucial to escaping with your data intact and without shelling out ransom to attackers. More than 56% of K12 education organizations suffered ransomware attacks between 2020 and 2021—with an average cost of over $265,000.

To help strategize, break planning into different stages of a hypothetical attack. Here’s how to prepare to weather the storm.


Before an attack happens

No one ever regretted implementing best practices. If you don’t yet have an incident response plan, create one now.

Implement the principle of least privilege. If someone does manage to infiltrate systems, their credentials ideally won’t be sufficient to reach valuable data.

Endpoint detection and response (EDR) is way more than simply antivirus software! Monitoring the health and security of each endpoint (read: a device connected to the network) zeroes in on the nooks and crannies criminals hope you neglect.
Keep up with software patches—it makes a difference and protects your network from exposure. In 2022, over 22.5 thousand new common IT vulnerabilities and exposures were discovered, a new record.

Data backup follows the 3-2-1 rule: 3 copies, 2 different media formats, 1 offsite. Then test it!

82% of breaches in 2021 involved the human element. 35% involved the use of email. You can expect 7–10% of real phishing emails to filter through your blocking systems, so practice matters. (Did you know some are authored by your own students?)

Make security training a regular routine of life. Include incentives for completing training, such as digital badges, leaderboards, and certificates, for completing training well. With regular practice using KnowBe4 training programs, districts have gone from a 32% fail rate on phishing tests to a 4% fail rate. Plus, some cyber insurance programs require proof of training and data backup.

What do I do if I suspect a phishing email or ransomware? 
Decide the course of action ahead of time—for almost all users this will be to contact internal IT and follow their instructions.


During a ransomware attack

Front end users:

It’s important users know what to do before an attack actually happens. 
Number 1: Contact IT immediately.
Most folks’ roles will stop after that, but they still need to be told what to do in the meantime and how to communicate with their own stakeholders and students. To that end, make community-facing folks (admin assistants, teachers, etc.) aware of the situation and the unified messaging from the PR team.

Back end users:

Enact your district’s incident response plan.
Disconnect and isolate infected systems but don’t turn devices off.
Locate patient zero to identify the source and type of breach.
Contact your cyber insurance, authorities, response teams, public relations.
Meet with vendors, work together, stay informed, evaluate options for moving forward. 
Record facts and file them for retrospective later.

After a ransomware attack

The bad guys leave back doors, so never re-use compromised systems. Instead rebuild them after verifying it’s safe to do so.
Enlist the help of your vendors (like Skyward). There can be nuances that are critical to getting your systems back on track.

Learn from it: How did attackers get through? Re-evaluate policies and make changes to block copycat and repeat attacks.

Make retrospective questions standard and include vendor notes and feedback. Keep these facts and findings organized and confidential but allow transparency to stakeholder teams. Knowledge is power and data is private. 

Be prepared! Create an incident response plan tailored to your district. Share and practice the plan with your stakeholders.  By taking the time to prepare, you’ll eliminate headaches in the future. While we can’t prevent bad actors from targeting school data, we can definitely prepare as well as possible.

Empower everyone to be a cyber hero. 

Follow up resources: CISA Guides

Learn more these guides from the Cybersecurity & Infrastructure Security Agency.
K12 Guides
Stop Ransomware
Ransomware Guide


Mike Bianco Mike Bianco Vice President of Information Security, CISSP
Share this story:

Large Districts Large Districts

Recent Articles

Metacognition is the Superpower Students Need for the Future
If students are going to thrive in a future woven with AI, they need to start thinking about thinking ASAP. Erin Werra
3 Ways to Play the Long Game for Staff Retention
Use these tactics early in the school year to build educator stamina and keep morale high all year long. Casey Hernandez
How Are You Attracting and Retaining Teachers of Color?
Automating your applicant tracking eases the effects of covert biases and provides an attractive applicant experience. Erin Werra

Share Facebook
LinkedIn Email
Humanity 🤝 Technology
Edtech insight delivered directly to you.