Post-incident
All staff members involved in the incident should have some form of debriefing interview. You should also review all actions to check you took the right steps to mitigate the incident.
This includes communicating to all stakeholders internal to your setting, such as to the SLT Digital Lead or Senior Leadership.
You should also communicate to people outside the organisation, if they were impacted. For example, if parent or learner data was compromised, legal guardians must be informed “without undue delay” according to GDPR.
Present your incident review report to senior leadership.
After the incident
It is important to remember that everyone should remain vigilant and be aware of possible future attacks. Use your experience in training activities and to review or update your cyber response plan and cyber risk assessment.