Lack of a Security Strategy or Playbook
When creating an incident response plan, districts should ensure they have both a security strategy and an IR playbook.
The security strategy should be the foundation upon which the IR plan is built. However, districts and organizations sometimes rush to create a plan, or they draw up a plan using a generic template, without fitting it to their security strategy.
Make sure you’ve laid the foundation for your incident response plan with a solid strategy, and work with a trusted partner to create a playbook your organization can follow.
Failure to Use the Playbook
Once the playbook is created, all the stakeholders should learn it and use it. Playbooks can help keep everyone on the team aware of common attacks and consistent responses.
Cybersecurity can present an intimidating learning curve to those who aren’t accustomed to managing it. Using playbooks can keep everyone on the same page, especially in a high-intensity situation such as a cyberattack.
LEARN MORE: How can vCISOs help districts fill cybersecurity knowledge gaps?
No Tabletop Exercises or Staff Training
One of the biggest mistakes a district can make is to not practice its incident response strategy. Schools that enact their IR plan only when a cyberattack has occurred may find out too late that some part of the plan is faulty or out of date.
Practice incident response with tabletop exercises and train staff on their duties as well as current best practices to ensure the team is ready when your school becomes the target of cybercrime.