Key Finding 1: Prioritize actionable steps to reduce cybersecurity risks (part 3)

In this unit, you use your knowledge of CISA Key Finding 1 to develop a cyber incident response plan with your cybersecurity team and create a training and awareness campaign.

Develop a cyber incident response plan

Experiencing a cybersecurity incident involving the disruption of school operations, fraud, or a potential data breach is stressful. The way a school or district handles and responds to security incidents has a significant impact on how well they can manage and reduce risks. Having a plan in place is key. CISA recommends that school leaders work with stakeholder groups to create, maintain, and exercise a basic cyber incident response plan that includes clear procedures to follow in the event of a cyberattack.

A diagram showing an example of a cycle for incident response plans, including preparation; detection & analysis; containment, eradication, & recovery; and post-incident activity.

The first step is to have an incident response plan (IRP) in place that encompasses both internal and external processes for responding to cybersecurity incidents. The plan should detail how your organization will:

  • Address attacks that vary in risk and impact.
  • Define the purpose of the response, such as a return to instruction or to handle legal or public relations aspects of the attack.
  • Prioritize the work that needs to get done in terms of how many people should be working on the incident and their specific tasks.

During an incident, it’s critical to:

  • Keep calm: Incidents are disruptive and can become emotionally charged. Stay calm and focus on prioritizing your efforts on the most impactful actions first.
  • Do no harm: Confirm that your response is designed and executed in a way that avoids loss of data, loss of operational-critical functionality, and loss of evidence. Avoid decisions that can damage your ability to create forensic timelines, identify root cause, and learn critical lessons.
  • Involve your legal department: Determine whether they plan to involve law enforcement so you can plan your investigation and recovery procedures appropriately.
  • Be careful when sharing information about the incident publicly: Confirm that anything you share with your community is based on the advice of your legal department.
  • Get help when needed: Tap into deep expertise and experience when investigating and responding to attacks from sophisticated attackers.

Microsoft provides education organizations with two types of resources: proactive planning guides and reactive solutions that automate issue detection and resolution. These solutions include Microsoft Sentinel and Microsoft 365 Defender, which defend against and respond rapidly to cyberattacks as part of a school's comprehensive IRP. For a preview of what Microsoft 365 Defender can do for your school, navigate through this interactive guide.

Next steps

  1. Take some time to look through the K12 SIX Essential Cyber Incident Response Runbook, which includes guidance for K-12 organizations around coordinating with internal and external partners, stakeholder communication, and managing student-initiated incidents.
  2. Begin planning each step in your cyber incident response plan (or review your existing plan if there's already one in place). Use this incident response planning checklist from Microsoft for support.
  3. Engage in tabletop exercises to assess and enhance your organization’s incident response readiness. These exercises involve gathering key stakeholders, such as IT personnel, security teams, administration, and relevant departments, to participate in a facilitated discussion of a hypothetical cyberattack or data breach. Use CISA’s comprehensive collection of tabletop exercise packages to begin.

Create a training and awareness campaign

Most cyberattacks stem primarily from unintentional mistakes made by individuals and a lack of proper adherence to cybersecurity protocols. Training educators, staff, and students can greatly strengthen your school's cybersecurity posture. A strong training and awareness campaign helps build a collective defense against cyberattacks, reducing the likelihood of successful breaches and minimizing the potential impact on your school's digital infrastructure and sensitive data.

Microsoft provides schools with interactive lessons, programs, resources, and conversation guides to help school leaders meet their cybersecurity training goals. Explore these resources to support your school’s training and awareness campaign.

  • K-12 cybersecurity conversation guide: A guide to help parents, teachers, school administrators, and guardians have conversations instructing K-12 students about safe cyber practices.
  • Think for a tick before you click: An infographic to show how hackers disguise phishing links and scam ads as credible sources to trick you into clicking on them.
  • Microsoft Learn: A platform where learners of all ages and roles can find content designed for their specific needs, from the Student Hub and Educator Center to Educational Leadership resources and Security Career Paths.
  • Minecraft Education’s Cyber Safe–Home Sweet Hmm: A one-hour, fun, and creative introduction to a safer and better internet and the principles of digital identity, online safety, and privacy. This student and family-friendly training includes an Educator Guide, presentation decks, workshop toolkits, and certificates of completion.

Next steps

  1. Think about the steps you have already taken towards cybersecurity training with your students and families. How could this awareness campaign fit into your existing cybersecurity training? What needs do you still have, and how could these resources fill the gaps?

  2. Develop a plan for role-based cybersecurity training. Use this guidance and resources for support as you begin.

Wrap up Key Finding 1

In the last three units, you focused on the most critical recommendations for reducing cybersecurity risk and exposure. As you continue your journey, you take the next step toward further ensuring security while addressing resource constraints and leveraging support resources.