We Need You to Fight Ransomware in K-12 Schools

Before an attack happens

1. If you don’t yet have an incident response plan, create one now. Determine the course of action for employees to follow if they suspect a phishing email or ransomware, and communicate this plan far and wide. For almost all users, the first step will be to contact internal IT and follow their instructions.
2. Use Skyward’s security audit report (available in both SMS 2.0 and Qmlativ) to make sure your system and data are meeting security best practices and that no one has access to more information than they need. That way, if someone does manage to infiltrate your system, their credentials ideally won’t be sufficient to reach valuable data.
3. Remember, endpoint detection and response (EDR) is way more than simply antivirus software. Monitor the health and security of each endpoint (read: a device connected to the network) to zero in on the nooks and crannies criminals hope you neglect.
4. Keep up with software patches—it makes a difference and protects your network from exposure. In 2022, over 22.5 thousand new common IT vulnerabilities and exposures were discovered, a new record.
5. Make sure data backup follows the 3-2-1 rule: 3 copies, 2 different media formats, 1 stored offsite. If you’re not yet familiar with ISCorp, our exclusive hosting partner, be sure to check out their hosting and recovery options. Then put a disaster recovery plan in place. You can learn more in Disaster Recovery: The Skyward Way.
6. Make security training a regular routine of life. 82% of breaches in 2021 involved the human element. 35% involved the use of email. You can expect 7 to 10% of real phishing emails to filter through your blocking systems, so practice matters. Skyward IT Services has partnered with KnowBe4, the world’s largest integrated platform for security awareness training and simulated phishing attacks. With regular practice using KnowBe4 training programs, districts have gone from a 32% fail rate on phishing tests to a 4% fail rate.

During a ransomware attack

1. Contact IT immediately. Most people’s roles will stop after that, but they still need to be told what to do in the meantime and how to communicate with their own stakeholders and students. To that end, make community-facing personnel (admin assistants, teachers, etc.) aware of the situation and the unified messaging from the PR team.

1. Enact your district’s incident response plan.
2. Disconnect and isolate infected systems but don’t turn devices off.
3. Locate patient zero to identify the source and type of breach.
4. Contact your cyber insurance, response, and public relations teams.
5. Meet with vendors, work together, stay informed, and evaluate options for moving forward. There can be nuances that are critical to getting your systems back on track. We created an article, Know Your Skyward Support Options, to help you determine the best ways to get help from our team.
6. Record facts and file them for retrospective later.

After a ransomware attack

1. Rebuild your systems. The bad guys leave back doors, so never reuse compromised systems. Instead, after verifying it’s safe to do so, rebuild these systems from the ground up.
2. Learn from it. How did attackers get through? Re-evaluate policies and make changes to block copycat and repeat attacks. Make retrospective questions standard and include vendor notes and feedback. Keep these facts and findings organized and confidential but allow transparency to stakeholder teams. Knowledge is power and data is private.

Follow up resource: Skyward Trust Center