Playbooks

Twelve scenarios. Written for the way K-12 districts actually run.

Each playbook gives you one scenario, a first-hour checklist, a decision tree, and the regulators to call — in plain language, no vendor pitch.

Encryption hits during classroom delivery — transportation routing, lunch accounts, IEP accommodations, or state testing.

Open

PowerSchool, Aspen, Infinite Campus, Skyward, or Synergy account takeover, grade tampering, or credential-stuffing.

Open

Compromised teacher mailbox — gradebook variant (transcripts) and the payroll-redirect variant (paycheck reroute).

Open

Compromised student account — and the triage 'is this a real compromise or a student prank?' decision tree.

Open

Templates by severity tier — SIS down one day, vendor PII breach, ransomware affecting operations, sextortion involving a student.

Open

MySchoolBucks, SchoolCashOnline, RevTrak, LINQ Connect — customer-data plus payment-processing implications.

Open

Tyler Transportation, Bytecurve, Versatrans — continuity-of-pickup, parent comms, safety implications.

Open

Extra-sensitive PII, extra-sensitive notification obligations. FERPA + IDEA + state-law overlay.

Open

Mandatory-reporting overlay. Coordinated with the hackfirstaid.com personal-tier sextortion playbook.

Open

Doxxing, AI deepfakes of teachers made by students, coordinated bullying campaigns crossing platform and school lines.

Open

Particularly access to grades, finance, or student data. Departing-employee overlay (mid-year vs end-of-year).

Open

PowerSchool's 2024-2025 incidents are the archetype. Generalizes to any SIS / LMS / payment / transportation vendor.

Open