In the “After a Ransomware Attack: Lessons Learned” session, a panel of Port Neches-Groves ISD employees — including the technology director, a librarian and a high school principal, in addition to Gonzalez and Gauthier — candidly shared what it was like living through the attack, where they went wrong, and what improvements they made in the aftermath.
In November 2019, someone clicked on a link in an email, and all the files in the district were encrypted, including files in the cloud for some people. Thankfully, the district had insurance, and when the attack happened, it turned to its insurers for assistance. Port Neches-Groves panelists shared some key takeaways from the experience:
To Pay or Not to Pay a Ransom
Today, the advice is not to pay ransoms. However, back in 2019, Port Neches-Groves leaders said there wasn’t a lot of guidance on how to manage that type of situation. Technology Director Crystal Werkheiser, who was the director of instructional technology when the attack occurred, said guidance from the district’s insurance company was part of the reason they paid.
READ MORE: Create an effective incident response plan for your district.
“We also weren’t confident in our backups,” she said. “That was something we weren’t checking every night. Sometimes it would run, sometimes not. We couldn’t deny that. So now we’re confident in our backups if it were to happen again.”
Get an Outside Third Party to Review Your Security System
To make sure that they were doing everything they could do to keep the district safe, Gonzalez hired an outside firm to check for vulnerabilities. After running tabletop exercises and discovering weaknesses, the district made several changes to its security plan.
GET STARTED WITH SECURITY: See how CDW•G helped one school amp up security.
Make Regular IT System Updates
Werkheiser freely admitted that the district had made errors that left them vulnerable to attacks. “We had servers running outdated operating systems. Over 75 percent of our computers were running on Windows 7,” she said. “We also needed to be better stewards of our information. We had given privileges to a lot of people who didn’t need it. Now we are taking back a lot of permissions that we had given over the years.”