Matrix cyber attack

Responding to a Cyberattack

6 Steps to Take Before Going to Your Insurance Carrier

Responding to a cyberattack has become an all too frequent task for school districts across the country. As a result, cybersecurity is a responsibility for everyone involved in K-12 education.

Cybersecurity attacks pose an incredibly costly threat to school districts across the United States. According to Comparitech, a cybersecurity and online privacy product review website, recently reported global ransomware attacks against K-12 and higher education institutions—breaching over 6.7 million personal records—cost over $53 billion in downtime between 2018 and mid-September 2023.

Everyone in the school district, including teachers and non-instructional staff, have responsibilities to prevent cybersecurity attacks and keep the learning environment safe for everyone.

However, with cyberattacks a constant threat, preventative measures are only part of the preparative measures taken by school districts. In addition to developing cybersecurity incident response plans, a great many districts also acquire cyber insurance.

With cyberattacks against districts increasing in prevalence, this post outlines response actions your district should immediately take once the determination has been made that an incident has occurred. First, however, we’ll differentiate between a cyberattack and a data breach.

What is a Cyberattack or Data Breach?

Data breaches result from cyberattacks, but not all cyberattacks result in data breaches. A school district might very well ward off a cyberattack before any data breach occurs.

According to the National Institute of Standards and Technology, a cyberattack is “any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.”

Conversely, a data breach, as defined by IBM, is “any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data or organizational data.

There are many types of cyberattacks, and the most prevalent include the following:

  • Phishing, a social engineering cyberattack tactic, is the fraudulent practice of sending emails or other messages to induce people to reveal personal information, such as passwords, credit card numbers, etc.
  • Baiting is similar to phishing and promises items and/or goods to entice victims, like free music or video downloads. Those downloads carry malware that then infects the device and network.
  • Ransomware is malicious software designed to block access to a computer system until a sum of money (i.e., ”ransom”) is paid.

Responding to a Cyberattack and Data Breach

Your school district may well have cyber insurance and if so, your carrier will likely offer both expertise and tailored services to ensure a complete response to your immediate threat and better defenses against future attacks. If—or, perhaps in this day and age, when—you experience a cyberattack, your insurance carrier will help you take the correct response steps. However, there are six immediate steps you should take to minimize the imminent threat and its potential damage prior to notifying your insurance carrier.

Six Immediate Steps to Take in Responding to a Cyberattack

  1. Contain any possible data breach. Your first step in responding to a cyberattack is to determine which servers may have been compromised and isolate them as quickly as you can to ensure other servers and devices won’t be compromised.
  2. Install any new security updates. Get to any updates and patches you have previously delayed in implementing. And, remember for the future, an ounce of prevention is worth more than a pound of cure.
  3. Maintain all firewall settings. The continued configuration, monitoring, and maintenance of your district’s firewall will protect your district from further cybersecurity breaches.
  4. Disable remote access. Deactivate all remote access tools, even those used by your internal IT team.
  5. Change all passwords. Change all affected and vulnerable passwords at once. As should be typical practice, create strong passwords and do not reuse passwords on multiple accounts.
  6. Disconnect from the internet. Your last step before contacting your carrier is to take your district offline.

Notify Your Cyber Insurance Carrier

Cyber insurance helps your school district recover from cyberattacks and any data breaches. Notify your carrier as quickly as possible after you determine a cyberattack has taken place. In fact, use a parallel approach, completing the six tasks above at the same time as you reach out to your carrier.

Activate Your Data Breach Notification Response Plan

Working with your cyber insurance carrier, you’ll need to determine if the attack successfully caused a data breach. If so, it’s then when you need to activate your data breach notification plan.

Your plan will have three primary stakeholders: 1) school district personnel, 2) students, and 3) student parents and guardians.

First, notify all your district staff, including the school board, informing them what happened, when it happened, what steps have been taken thus far, and what the immediate next steps will entail. Define clearly how district personnel should communicate regarding the cyberattack both internally and externally. Consistency in messaging, particularly to students, parents, and guardians, will be important to eliminate unwarranted speculation.

Once you have communicated to your district personnel, you must then begin notifying students and their families. It’s important to be as transparent as possible in your communications, clearly communicating all relevant information as it becomes available. Best practice includes establishing a dedicated and staffed hotline to address any questions and concerns presented by your constituents.


All cyberattacks are both stressful and costly, particularly ones that result in critical data breaches. However, by taking the actions outlined above, your school district will be positioned to effectively recover as quickly as possible. Furthermore, you’ll be better positioned to ward off future cyberattacks successfully.

Cybersecurity is a prominent issue in school districts, and it’s everyone’s responsibility, not just that of the Information Technology team. Regularly train your district personnel, ensure systems and devices are continually updated, and keep your response plans updated and current.