Tech Talk: Cyber Incident Response Preparation

Wed Jun 05 04:36:00 PDT 2024

Learn more about some key takeaways for school districts looking to bolster their cybersecurity defenses.

The Los Angeles County Office of Education’s Technology Services Department held its second Cyber Tech Talk in April, with over 60 attendees from various school districts across LA County. This session focused on a crucial yet often overlooked aspect of cybersecurity: Cyber Incident Response Preparation.

The informative presentation, delivered by LACOE’s Information Systems Security Officer Robert Dotson, emphasized the importance of being proactive in the face of potential cyber threats. Here are some key takeaways for school districts looking to bolster their cybersecurity defenses:

  1. Plan Ahead, Don't Panic!
    It is critical to have a pre-defined incident response plan. Having a clear roadmap in place allows for a swift and coordinated response during a cyberattack, minimizing disruption and safeguarding sensitive data.
  2. Every Detail Counts: Collect Evidence and Data
    In the aftermath of an incident, every piece of information becomes valuable. Dotson advised attendees to have a system in place for collecting and preserving evidence, such as log files, emails, and network activity data. This information is crucial for forensic analysis and identifying the scope of the attack.
  3. Learn from Every Incident: Identify Areas for Improvement
    Cybersecurity is an ongoing process of learning and adaptation. Dotson highlighted the importance of conducting thorough post-incident reviews. By analyzing what went wrong, schools can identify vulnerabilities in their defenses and implement measures to prevent similar attacks in the future.
  4. Stay Calm Under Pressure: Don't Panic!
    While a cyberattack is a stressful event, staying calm is essential for effective response. Dotson advised against making hasty decisions in the heat of the moment. Following the pre-defined plan will ensure a measured and coordinated response.
  5. Communicate Strategically: Don't Share Details Without Involving Your Communications Team
    Transparency is important, but not at the expense of further compromising sensitive data or ongoing investigations. Dotson cautioned against publicly sharing details of an incident without involving the district's Communications team. A coordinated communication strategy can minimize reputational damage and public anxiety.
  6. Preserve the Evidence: Don't Delete Files or Correspondence
    The urge to clean up after an attack might be strong, but it's crucial to resist the temptation to delete files or communications. Dotson emphasized that seemingly unimportant data can hold forensic value and aid in the investigation.

By following these key points, school districts can significantly improve their preparedness for cyber incidents. A proactive approach, coupled with a well-defined response plan, can help minimize the impact of an attack and ensure the safety of student and staff data.

The event also included keynote presentations from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). For more information about how to protect your school district, please email us at info-security-questions@lacoe.edu.

Robert Dotson presents on a cybersecurity topic at LACOE's Cyber Tech Talk in April 2024.