Data breach response checklist for schools 1

Suite 1, Level 316 - 18 Wentworth StreetParramatta NSW 2150

Tel 1300 797 888

www.empowerit.com.au/education-solutions

Data BreachResponse Checklistfor Schools

Data breach response checklist for schools 2

Why does my school need an incident response plan? 3.

How to identify a data breach 4.

Containing the threat 5.

Analyse the attack and recover 6.

Notify regulators and affected parties 7.

Evaluate your school’s response 8.

How we can help 9.

End-to-end solutions 10.

Table of contents

Data breach response checklist for schools 3

Why does my school need an incident response plan?

No matter how strong a school’s defenses are, there’s always a risk of a data breach. It can be caused by hackers, malicious insiders, or careless staff. You can however soften the blow of a data breach with a well-thought-out incident response plan.

Most independent and Catholic schools in Australia must comply with the operation of the Privacy Act. Seperate state-based laws apply for State schools, yet still have responsibilities and risks if private information is not properly secured. All schools need to take into account any private information held within its data, including:

• student and guardian names, DOB, address and contact details

• academic records and reports

• medical information

• BSB and account details

• donors or donation amounts

• teacher and staff information (including tax file numbers)

By having an incident response plan in place, it enables your school to respond quickly if sensitive data was accessed, modified, stolen, or copied by unauthorised individuals. It’s vital for minimising the financial, reputational, and emotional harm to school, staff, students and stakeholders. Your plan should involve appointing a response team comprised of IT, legal, and risk management personnel, and establish their roles during the crisis. You must also define what constitutes as a breach to help staff recognise one and establish a clear action plan.

For more information on our education solutions for schools, go to: www.empowerit.com.au/education-solutions

Data breach response checklist for schools 4

The first thing you should do is confirm whether a data breach has actually occurred. Signs of a breach can range from subtle to obvious depending on the cyberattack. If hackers use ransomware, for instance, your files will be encrypted and a ransom note will be displayed on your screen. However, if they use covert spyware programs, there may be no obvious signs of a breach other than unusually slow computer performance.

Other signs you should watch out for include unexpected software installs, website redirects, login issues, unusual network activity, and critical file changes. You should also conduct a comprehensive security assessment and a full system scan with anti-malware software to be sure.

How to identify a data breach

Data breach response checklist for schools 5

2. Containing the threat

If you discover a breach, it’s important to take swift action to prevent further damage. Here’s what you should do:

Disable your network to limit the spread of self-propagating worms and ransomware.

Disconnect affected devices and wait for security experts to arrive.

Use backup workstations and servers if possible.

Advise your staff to update their passwords.

Re-assess access privileges for each staff member.

Keep activity logs from the time of the breach for forensic analysis.

All schools regulated by the Privacy Act are required to publicise and notify certain data breaches. If a data breach affects personal information, it must be investigated to determine whether there is a mandatory obligation to notify affected individuals and the Privacy Commissioner. Read more here.

Data breach response checklist for schools 6

3. Analyse the attack and recover

Analysing the attack can help your school understand the severity of the data breach and learn how to prevent hackers from using the same strategy again. This involves finding out the origins of the attack, what information was compromised, the potential risk to affected individuals, and if there are patches and fixes you forgot to apply. You’ll have to consult with security experts in this phase.

Then, you need to repair your systems. Follow these steps to get your school back on track:

Remove any detected malware with anti-malware programs.

Use approved decryption software to crack certain types of ransomware.

Install the latest firmware, software, and security patches.

Wipe affected files and restore clean copies of your data with cloud backups.

Data breach response checklist for schools 7

4. Notify regulators and affected parties

According to the Notifiable Data Breach scheme, every organisation that manages personally identifiable information is required to report data breaches to the Office of the Australian Information Commissioner (OAIC) and affected entities. Failure to comply with these regulations can lead to fines of up to $1.8 million, not to mention the potential backlash. To avoid costly penalties, make sure you:

Notify the OAIC as soon as possible.

Create a communication strategy detailing what response staff are supposed to say to stakeholders after a breach.

Send emails that explain what data was compromised, how the breach occurred, what actions you’ve taken to fix the issue, and what they should do.

Set up an FAQ page so affected parties can learn more about the incident.

Draft a prompt press statement about the mistakes that led to the breach.

Data breach response checklist for schools 8

5. Evaluate your school’s response

When an incident has been resolved, it’s important to review how well your school managed the crisis, evaluate your backup solutions, and identify areas for improvement. If you noticed that it took a long time for your school to detect a breach, you may need to invest in threat detection tools and 24/7 network monitoring services.

You should also take this time to retrain staff on their incident response roles and provide a quick refresher course on cybersecurity best practices to reduce the chances of future breaches.

Data breach response checklist for schools 9

5. How we can help

At Empower IT Solutions, we understand the importance of ensuring students can use the internet safely and responsibly. That’s why we preconfigure Australia’s most trusted student wellbeing and cybersafety technology, CyberHound on all our Managed BYO Devices. To ensure your school is protected against data breaches, we install the following measures:

• CyberHound software: ClearView platform, Roamsafe and Classroom control

• usage policies and security settings

• web and content filtering

• intrusion prevention systems

• level 7 firewall

• anti-malware software

• mobile device management system

• staff security training program

• backups

To find out more, visit our Solutions for schools page, or speak to our Education Solutions Manager to discuss your individual school requirements.

Data breach response checklist for schools 10

E N D - T O - E N D S O L U T I O N S

E d u c a t i o n S o l u t i o n sManage d BYOD s o lu t ions , s choo l ne t wor k management ,

te chno log y f und , mobi le de v ice management

M a n a g e d I T S e r v i c e sManage d I T s er v ice de sk , manage d I T in f ras t r uc t ure ,

manage d I T moni tor ing , manage d b ack up, mobi le

de v ice management

C l o u dPr i va te c loud , c loud mig ra t ion , c loud b ack up, o f f i ce 3 65

for bus ine s s , job management s y s tem

I T S e r v i c e sI T pro je c t s , bus ine s s phone s y s tems , I T p lanning , I T

s y s tems hea l t h che ck , e duc at ion s o lu t ions

T e c h n o l o g yD y namic s 3 65 , SharePoint , O f f i ce3 65 , Power B I