After a Cyber Attack: Dos and Don'ts for Higher Education IT Staff
After the drama and stress of an attack and recovery, many teams skip this step altogether. Make sure your team takes the time to review after the dust settles and puts a plan in place to improve. Do this before so much time has passed that the details become fuzzy.
After a Cyber Attack, Don't:
Try to cover it up. At times, you may need to collect all the information needed and coordinate with pertinent authorities to figure out what should be shared and what should remain confidential. Your stakeholders might not get every detail they want at a given moment, but you should not attempt to keep the facts hidden. Doing so could hurt your reputation, deny you access to available resources, and leave other schools unaware of the matter, potentially making them vulnerable to the same issue.
Distract your recovery team from their work. Although the impulse is understandable in the circumstances, it is often best for those in leadership roles to refrain from getting overly involved. Trying to control the situation can be disruptive and impede the professionals from completing their tasks. Therefore, it is best to step back and let the experts do their work.
Expect recovery to be fast. The recovery process for an attack will depend on its type, scale, and scope. The team working on the recovery will assess which systems have been impacted and prioritize them based on factors such as their importance to school operations, the extent of their impact, and how quickly they can be brought back online.
It may appear that less essential systems have been brought back first. This can happen when those systems were deemed non-compromised while the recovery process for more complex issues was still in progress. Recovery will not be a linear process, and new issues may need to be addressed along the way.
Think that this will never happen again. Organizations are often attacked multiple times, with the same group attempting to exploit the same vulnerability. This is why assessing the incident and strengthening cybersecurity practices and incident response is essential. Closing any existing cybersecurity gaps is also necessary to secure your systems and data. Basic techniques such as multifactor authentication, least-privilege access, monitoring, and automation can help protect your systems and make responding to any breaches faster.
In order for higher education to remain resilient in the long term, it is vital to establish a mindset that ties cybersecurity to quality of education. This way, schools can always be aware of their risk profile and adjust their prevention and mitigation strategies accordingly. Digital transformation and cyber threats will be an ongoing reality for colleges and universities moving forward.
About the Author
Charlie Sander is chairman and CEO at ManagedMethods, founded in 2013 to build a cybersecurity product that makes securing the sensitive information stored in the cloud easy and affordable for education institutions. ManagedMethods’ platform provides a central command center for monitoring risks and protecting school systems using Google Workspace and Microsoft 365.