Cyber Attack Prevention Tips
- CSD Pool members will find more information at csdpool.org/services/cyber/eriskhub
- Set up two-factor authentication on external access systems (VPNs, email, etc.)
- Ensure that your WiFi network is encrypted
- Configure firewalls to block access to known malicious IP addresses
- Conduct an annual vulnerability assessment
If you suspect you are experiencing a Distributed Denial of Service (DDoS) Attack
- Call your Internet Service Provider (ISP) to determine if there is an outage
- If the attack is real, ask your ISP to block the attack and ask for all relevant logs
- If a loss has occurred, notify your insurer of the attack and provide all documentation
If you suspect that your district is the victim of a data breach
- Assemble management and IT staff to ascertain if there was a breach of data
- Confirm the goal of mitigating loss to customers/patients, the district’s reputation, and avoiding lost revenue
- Attempt to assess the severity of the incident and what specifically was taken
- Consider contacting law enforcement, legal counsel, security experts, and data breach specialists to assist in recovery
- Attempt to contain the damage or restore your system security
Following a data breach event
- Consult with a third-party expert to safeguard against future attacks
- Log the hours spent coping with the event
- Secure all spreadsheets, logs, audits, and notes, regarding the breach
- Notify your insurer
- Consult legal counsel about notification to any individuals whose personal information may have been compromised
- Offer any injured parties credit monitoring services (without admitting fault)
- Report the incident to state and federal regulators as required by statute
The advice listed here is taken from Ready for Anything, our guide to responding to disasters and calamities big and small.
For your free copy, email us at info@csdpool.org.
