When: June, Thursday evening

Where: Administrative office

Scenario 1 | Phishing Incident:
The day following the district’s normal payday after receiving several angry phone calls, the business office staff discovered that multiple district employees had fallen victim to a phishing scheme that redirected their direct deposit paychecks.
Several weeks earlier, an email was sent out to all district employee email addresses directing employees to click on a link in the email to update their payroll passwords or they would lose access to their accounts. The email used the district’s logo and appeared to come from the IT department. Multiple employees clicked the link in the email and changed their passwords.
Unfortunately, this email was a common phishing scheme that tricks employees into clicking on a link that prompts them to enter their password, often under the guise of preventing them from being locked out, updating their account information, or resetting a password about to expire. In many cases, both the initial email and the website the link leads to are designed to look legitimate. Once the cybercriminals have the employee’s real password, they login to the self-serve portal and change the employees direct deposit account to one they have access to. Many employees only learn that they were tricked once their paychecks fail to show up in their accounts on the next payday. What are your next steps?


Scenario 2 | Ransomware Incident:
At around 4:00 PM the special education director’s laptop suddenly displays a message that states all files have been encrypted and demands payment in exchange for the decryption key. The message states that the ransom, currently $5,000, will double to $10,000 if payment is not sent in bitcoin in the next 48 hours. If you refuse to send payment after 96 hours all the encrypted files will be deleted and therefore become completely unrecoverable. The laptop contains evaluation and progress monitoring data on numerous students as well as the evaluations of several employees. How do you proceed?