Those are excellent examples! We talk a lot about vendor contracts and clearly delineating who is responsible for what in the event of things going sideways. Having a good communication plan in advance is definitely key. Another thing that comes up often is having printed copies of the plan stored somewhere safe in the event that you can't get into your system.
Thanks for sharing, Dan and Bill!
Dr. Ashley Cross
Original Message:
Sent: 03-13-2023 08:37 AM
From: William Stites
Subject: Let's talk cyber
I think that @Dan McGee 's example of the Blackbaud breach is excellent as it points out two important pieces. One is that we have so much of our information with larger companies and need to be well-versed in their level of compliance, data backups, recovery, and liabilities. Knowing who will eventually be responsible for the people impacted is critical.
Two is that the Blackbaud breach taught that good data management practices are CRITICAL. In closed-end systems, where we have limited ability to track custom data, that information can often be held in fields not designed for that data type. These "storage fields" may be known to the institution but are not standard fields used for this information. When this occurs, the larger company, and the institution, can't know what was truly exposed.
------------------------------
William Stites
Montclair Kimberley Academy
Montclair NJ
Original Message:
Sent: 03-10-2023 11:23 AM
From: Dan McGee
Subject: Let's talk cyber
This is such an important topic, and it's so often at the end of our priority list in schools. With so much in the cloud today, a benefit is that we don't directly manage the cyber security aspects of a given system, but a drawback is we are downstream from the system if a cyber incident occurs, placing us in the middle between the company and our constituents. For that reason, communication skills come to the forefront, where the skill of discerning information that needs to be converted to appropriate messaging for those in our community whose data may be affected.
Two examples of "being caught in the middle" are the Blackbaud breach, which was a real data breach situation that resulted in insurance claims on our part, and the Seesaw incident that occurred in the fall and resulted not in a data loss, but swift communication to parents who may have seen an inappropriate image.
------------------------------
Dan
Daniel C. McGee, M.A., M.Ed.
Director of Technology & Library Services
dMcGee@LaurelSchool.org
Direct: 216.455.3051
Laurel School
One Lyman Circle
Shaker Heights, OH 44122
LaurelSchool.org
Original Message:
Sent: 03-09-2023 05:39 PM
From: Ashley Cross
Subject: Let's talk cyber
Can you share an example of how you've effectively managed a crisis situation related to technology (e.g. cyber attack, system failure)? Comment below!
If you want to be more prepared for future crisis situations (or avoid them if possible!), join us next week as special guest James R. McQuiggan (a Security Awareness Advocate for KnowBe4) shares 'The ABCs of Cybersecurity Awareness Programs'. We'll discuss awareness, behaviors, and culture.
Register here free for ATLIS members
#CybersafetyandDataSecurity
------------------------------
Dr. Ashley Cross
Senior Director of Education and Content
www.theatlis.org
888-502-8547
------------------------------