Texas school tech chief shares lessons on ransomware recovery

On June 17, 2021, I got the call that every IT guy dreads. Matthew Fields, now my executive director of technology, called me at 5 a.m.; he had gotten the first notification at 1 a.m. that the email system was down. When he got to the office, he found the depth of the attack on the servers — and the ransom note on most devices.

I got this call after 30 days as the Assistant Technical Superintendent for the Judson Independent School District in Live Oak, Texas.

Shift priorities to manage ransomware attacks

My past 12 years of corporate and educational leadership have taught me that it takes you 6 to 12 months to develop a trusting relationship with your team.

A month into the job, I was just starting to break down silos, improve cross-team communication, and work toward writing as a unified department.

However, the district’s network, computer applications, servers, communications and email systems were affected by the attack, and on at least one of our campuses, classes began weeks later. My attention quickly shifted to classification. Fortunately, we have the right team members to drive the region forward.


Instantly build team spirit during incident response

Whether I’m there for 30 days or 100 days, I believe I have a responsibility to protect our schools from this. It is also my responsibility to build a team to get through this crisis.

On the morning we discovered the attack, our incident response team had their first meeting over coffee.

Over the next few days, I pulled the rest of the team into the cleanup. The 47-person technology department includes employees in data services, cybersecurity, instructional technology, library services, and more. We unplugged thousands of devices at over 30 sites.

I think one of the best things we do as a team is come together to solve problems. We had to cross departmental boundaries and start working together, and that work required a lot of communication.

If we dive into cleanup, I’m not doing what would be considered an administrative task. Sometimes my team and I are there, walking around campus.


Emotional care and ransomware recovery

When it comes to disaster planning, we often think about developing playbooks, restoring our systems, and advocacy. All of these things are important, but we don’t usually think about emotional impact.

When you have a team of employees invested in the work they do, aggression does have an emotional impact on them. Planning for employee care is just as important as planning for techniques to recover from an attack.

We figured out ways to find joy in what’s going on, because sometimes things are bleak and depressing. We have to look for the positive, and we have to ask, “What’s one good thing we got out of this today?” We have a lot of these conversations.

Getting back up and running on the first campus created some momentum and gave us hope. We’ve created a system that’s very close to how a normal school year starts, and we’ve replicated that system on other campuses so that all 26,000 students can continue to receive the quality education they deserve.
