Skip to main content
Arrow right Get started Arrow log inLog in
Home
email
Get the newsletter
Newsletter
 search
Search blog
January 01, 2026 • read

You Found a Security Issue. Now What?

LinkedIn Card
Mike Bianco, CISSP
Edtech Thought Leader
In this article
Share this story

The IT equivalent of a bump in the night just showed up in your network, or so you suspect.

Maybe you’re seeing activity at strange times—wee hours of the morning or night owls just before midnight?

Maybe you just got the report that a user might have fallen for a phishing email sometime in the past month.

Maybe you’re face-to-face with a ransom message.

Whatever you’re staring down, a security team is waiting in the wings ready to support you. Let’s talk about how Skyward users of all types can report a security suspicion and protect school data.

 

⚠️ Important: Anyone can find a security issue

We’re going to discuss two paths to reporting an issue to Skyward. The first is for folks who are administrators of the software—support contacts with credentials. The second is for everyone else, because anyone can recognize and report something that doesn’t look quite right.

For users employed by the district, it’s important to make your IT team aware of any suspected issues. Let’s say you’re a teacher. You return from winter break to find a password change prompt in your inbox. You follow through and go about your day. Later, you realize not everyone got this message. This wasn’t a legitimate request for your admin; it was a phishing attempt. And now someone, somewhere, can log into your account.

Now replace that role with a administrator, staff, student, or parent. Bad actors will target lots of different users to find a gap in network security.

 

Blameless culture means security pros can step in faster

And time is of the essence. Bad actors get to work quickly, and in just a few hours they can reach farther into your network. That’s why we like to emphasize a blameless culture—that is to say, an employee will not face consequences for reporting a security problem. In fact, the earlier a suspected problem is reported, the faster experts can review and give an all-clear (best case scenario) or escalate to avoid further access to your network.

 

After you report, what happens?

Skyward has created documentation for responding to security incidents. Depending on what kind of situation you are facing, we are prepared to support.

Our response teams triage district reports. Issues are escalated to a security team internally. Depending on the situation, Skyward security professionals will determine which course of action to take. They will contact and advise your team, request any additional information, and guide the next steps for neutralizing the threat and recovering data, including working with ISCorp, Skyward’s secure cloud-hosting partner.

Our playbooks cover attacks of all kinds, including common ones such as ransomware and compromised accounts. For example, a compromised student account has a different level of access than a business office manager—documentation accounts for the nuances in response.

 

How to report a security issue to Skyward

  1. DON’T wait! Attackers will exploit time gaps.
  2. DO provide all details you have. Screenshots and error messages are very helpful.
  3. DON’T attempt fixes. You may lose evidence.

Choose one of these two reporting options.

Option 1: Service call (for Skyward users with credentials)

Use the typical procedure to create a service call, by phone or any other channel. Include:
  • a description of the issue and any screenshots
  • your name and contact information
  • the system you’re using (ERP, SIS, etc)
  • note that it is a security issue and mark as critical: this will escalate to the right team.

⏰ IF IT IS AFTER HOURS, please call or use option 2: the Trust Center.

Option 2: The Skyward Trust Center

If it is not possible or you do not have credentials to open a support ticket, please do the following.

Visit https://www.skyward.com/trust-center to open the reporting form. It will ask you to provide:
  • a description of the issue and any screenshots
  • your name and contact information
  • the system you’re using (ERP, SIS, etc)

Anyone can use this form to report a security issue. Data security in K–12 schools is a team sport, and we’re happy to have you on our team.

 

Notifying your team outside of Skyward

In addition to contacting Skyward for support, please reach out to your cyber insurance provider. You may also contact local law enforcement. It’s important to know these are calls Skyward cannot make for you, but we will work as a team with forensic authorities to protect your data as well as possible.

Next, investigate cyberreponse teams for your state. Wisconsin has a free program for school districts in need of support after a cyberattack. For other states, see the resources at the end of this article.

 

What else can I do to protect my district from cyberattacks?

You can create a strong, blameless culture of cyber-awareness. Train your team to expect malicious outreach from bad actors and let them know what action they can take when suspicious. You can make plans and procedures of your own within the district. Include the information in this article about reporting.

 

Find a cyber response team outside of Wisconsin

Your district’s IT or administrative team can use these links as a starting point to identify their local cyber incident response options and establish relationships before an incident occurs.

If you're outside Wisconsin and looking for a Cyber Response Team like Wisconsin’s CRT, start by searching for “ Cyber Response Team” or “ Cyber Incident Response.” Many states publish their cyber response units through their Emergency Management or Cybersecurity offices—similar to how Wisconsin lists the WI CRT through Wisconsin Emergency Management: 👉 https://wem.wi.gov/wisconsin-cyber-response-team/

If you cannot locate a team, contact your regional CISA office. CISA regional staff include Cyber Security Advisors (CSAs) who can direct you to state-level resources: 👉https://www.cisa.gov/about/regions


 

Follow-up resources: Reporting and responding to cyber security incidents

Find Skyward Security Best Practices
Get the K12 Guide from CISA
Report business email compromise (BEC) attacks to the FBI
FBI shares BEC tips for IT pros
Wisconsin DPI shares cybersecurity resources


 

Thinking about edtech for your district?
We'd love to help. Visit skyward.com/get-started to learn more.

Share this story
About the author
Mike Bianco, CISSP
Edtech Thought Leader


Read more from Skyward

Qmlativ Spotlight: Processing List Updates

Creating and editing processing lists just got easier. Check out these updates!

June 13, 2025 • Product Updates
Mastering Honor Roll, Rank, Report Cards, and Transcripts

It's time to start thinking about recognition for students who have gone above and beyond. Here's how you can do more honor roll, student rank, report cards, and transcript prep in Skyward.

February 06, 2018 • Tips
A Day in the Life: Personnel and Skyward Support Specialist

People and technology—two very different subjects personnel and support specialists must master. What does a day in their lives look like?

October 24, 2019 • Tips

This site uses cookies to improve your browsing experience and to help us understand how you use our site.
To learn more about how we use this data, click here. By continuing to use this site, you are consenting to our cookie policy.