School districts using G Suite and Office 365 must protect themselves from account takeovers
The number of account takeovers is rising, along with the damage they cause. School districts are particularly vulnerable to account takeover risks for a couple of reasons.
First, school districts are on the leading edge of adopting cloud computing and realizing the benefits of using applications like G Suite and Office 365. Unfortunately, district IT teams are not on the leading edge of cloud computing security. Many still mistakenly think that their firewall, MTA, and Google/Microsoft have their cloud environments protected.
Second, school district IT teams are notoriously underfunded and overwhelmed. With a relatively low IT to building staff/student ratio, your team is constantly being pulled in multiple directions, putting out all kinds of different fires. Often, cybersecurity resilience falls by the wayside because it gets little visibility or consideration from stakeholders. Until something happens.
Without the right safeguards, account takeovers are almost impossible to detect before they create chaos for school districts. And, cloud account takeover activity is on the rise. As of 2018, the number of documented and reported account takeovers increased by 79% over 2017.
What is an Account Takeover?
In simple terms, an account takeover happens when a criminal obtains unauthorized access to one of a user’s online accounts. This access allows them to use it for some type of personal gain—typically financial.
Access to several types of personal online accounts can be stolen. These include an email account, bank account, or social media account. Often, access to one type of account leads to access to other types of accounts. In the school district environment, it can also lead to access to additional user accounts. Acting as the individual whose account they’ve hacked, criminals can send phishing emails, steal funds, make fraudulent purchases, steal personally identifiable information, and harm the individual’s reputation using their social media accounts.
In a setting such as a school district’s, the criminal can take over accounts that allow them access to many types of accounts, including student records, school bank accounts, employee information and W2s, and administrative applications such as accounts payable.
A district must safeguard their organization’s data, including that of all the students who attend their schools. Therefore, schools need to be doubly careful about controlling account takeover risks.
4 Common Account Takeover Risks
Account takeover prevention starts with education because your employees and students can allow an account takeover without realizing it. You can also help reduce risks with relatively simple cybersecurity solutions.
1. Human Error
The most common way that hackers get control over an account is through human error. And the most common way this happens is when someone clicks on a link or opens an attachment in a phishing email. It’s critical that you conduct ongoing cybersecurity training to explain the consequences of ignoring good cybersecurity practices. Teach people how to spot a phishing email, and send regular updates as a reminder to remain vigilant.
Include education about lateral phishing emails; they’re one of the most dangerous types of phishing emails. Let’s assume that a teacher opened an attachment in a phishing email, and a hacker gained control over that email account. The hacker would then send lateral phishing emails to everyone on the teacher’s contact list. When other employees or students receive the email, their guard is down because they think someone they know sent them the email.
2. Weak Passwords
The UK’s National Cyber Security Centre conducted a worldwide survey to identify the most common passwords that have been hacked in global cyber breaches. The most common password was “123456,” which is being used by 23.2 million people. As you can see, without proper education, many people are unaware of how critical it is to use strong passwords.
You can help fight weak passwords by creating password strength policies. Setting up 2-factor authentication features on your systems is an even more powerful safeguard you can use for account takeover protection.
If you use G Suite or Office 365, the vendors already offer some excellent security features. Make sure you’re using those security features correctly by using our Cloud Application Security Checklist.
3. Risky EdTech
The number of EdTech SaaS applications that are available to teachers, students, and staff is growing. Many teachers access these applications using OAuth, which connects the app to district Google and/or Microsoft environments. You need to understand OAuth risks and solutions in order to combat the problems that risky EdTech presents.
In addition, account takeovers are only one of the consequences of using risky EdTech. This makes your task of protecting district information systems even more of a challenge. Managing EdTech security risks must be a key part of your cybersecurity plans. You need to include:
- 24/7 activity monitoring
- Automatic action when a malicious app is discovered
- Updating your cloud safety measures
- Publishing an EdTech policy manual
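One way to turn the monitoring and automatic-action items above into a review step, as an added example that is not part of the original article: a triage of third-party OAuth grants by the scopes they hold. The scope strings are real Google OAuth scopes; the app names, client IDs, risk tiers and actions are assumptions made for this sketch.

```python
# Scope strings are real Google OAuth scopes; the risk tiers and actions are
# this example's assumptions, not a Google or Microsoft classification.
HIGH_RISK = {
    "https://mail.google.com/",                              # read, send, delete all mail
    "https://www.googleapis.com/auth/gmail.send",            # send mail as the user
    "https://www.googleapis.com/auth/drive",                 # every Drive file
    "https://www.googleapis.com/auth/admin.directory.user",  # manage directory users
}
MEDIUM_RISK = {
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Constructed inventory of app grants (app names and client IDs are made up).
GRANTS = [
    {"app": "QuizApp", "client_id": "quizapp.example", "users": 412,
     "scopes": ["openid", "email",
                "https://www.googleapis.com/auth/classroom.courses.readonly"]},
    {"app": "FreeGradebook", "client_id": "freegradebook.example", "users": 3,
     "scopes": ["email", "https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts.readonly"]},
    {"app": "SlideHelper", "client_id": "slidehelper.example", "users": 57,
     "scopes": ["profile", "https://www.googleapis.com/auth/drive.readonly"]},
]
APPROVED = {"quizapp.example"}  # client IDs the district has vetted (assumption)
ORDER = {"revoke": 0, "review": 1, "allow": 2}

def triage(grants, approved):
    """Return (app, action, risky_scopes) tuples, most urgent first."""
    results = []
    for g in grants:
        scopes = set(g["scopes"])
        high, medium = scopes & HIGH_RISK, scopes & MEDIUM_RISK
        vetted = g["client_id"] in approved
        if high and not vetted:
            action = "revoke"      # unvetted app holding mail/Drive/admin access
        elif high or (medium and not vetted):
            action = "review"      # a human decides before anything is removed
        else:
            action = "allow"       # sign-in or low-risk scopes only
        results.append((g["app"], action, sorted(high | medium)))
    return sorted(results, key=lambda r: ORDER[r[1]])

if __name__ == "__main__":
    for app, action, risky in triage(GRANTS, APPROVED):
        print(f"{action:7} {app}: {', '.join(risky) or 'low-risk scopes only'}")
```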
4. Lack of Control Over Cloud Apps
Many people believe that they can completely protect cloud apps using firewalls and secure web gateways. They also believe that a Message Transfer Agent (MTA) will protect their cloud email apps, like Gmail and Outlook 365. Unfortunately, neither of those beliefs is true.
Cloud account takeovers don’t happen because of attacks that firewalls can stop. And they are notoriously difficult to detect. IT staff needs to be able to see the activity within their cloud apps. Without that type of visibility, account takeovers can happen and quickly spread throughout the organization right under their noses.
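The kind of visibility described here, applied to the lateral phishing scenario from the Human Error section, as an added example that is not part of the original article: a detector that pairs a sign-in from a country the user has never used with a burst of outgoing mail shortly afterwards. The event fields, thresholds and sample events are constructed for this sketch and do not follow any Google or Microsoft audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2019-03-04T08:01:00", "user": "teacher@district.example", "type": "login", "country": "US"},
    {"ts": "2019-03-05T09:10:00", "user": "teacher@district.example", "type": "send", "recipients": 3},
    {"ts": "2019-03-06T02:14:00", "user": "teacher@district.example", "type": "login", "country": "NL"},
    {"ts": "2019-03-06T02:20:00", "user": "teacher@district.example", "type": "send", "recipients": 240},
    # Known location, large send (a newsletter): must not alert.
    {"ts": "2019-03-06T08:00:00", "user": "clerk@district.example", "type": "login", "country": "US"},
    {"ts": "2019-03-06T08:30:00", "user": "clerk@district.example", "type": "send", "recipients": 180},
    # New location, normal send (staff travelling): must not alert.
    {"ts": "2019-03-01T07:00:00", "user": "coach@district.example", "type": "login", "country": "US"},
    {"ts": "2019-03-06T10:00:00", "user": "coach@district.example", "type": "login", "country": "CA"},
    {"ts": "2019-03-06T10:05:00", "user": "coach@district.example", "type": "send", "recipients": 4},
]

def detect_takeovers(events, window=timedelta(minutes=30), burst=50):
    """Flag a mail burst that follows a sign-in from an unfamiliar country."""
    seen = defaultdict(set)   # user -> countries accepted as baseline
    suspect = {}              # user -> (time, country) of last unfamiliar sign-in
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as text
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "login":
            if seen[user] and e["country"] not in seen[user]:
                # Not added to the baseline: it stays unfamiliar until cleared.
                suspect[user] = (ts, e["country"])
            else:
                seen[user].add(e["country"])
        elif e["type"] == "send" and user in suspect:
            login_ts, country = suspect[user]
            if ts - login_ts <= window and e["recipients"] >= burst:
                alerts.append({"user": user, "country": country,
                               "recipients": e["recipients"], "sent_at": e["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in detect_takeovers(EVENTS):
        print(alert)
```

Neither signal alerts on its own, which keeps routine newsletters and staff travel from flooding an already stretched IT team.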
A cloud security audit for your district’s G Suite and/or Office 365 environment is the best way to determine where your cloud account takeover vulnerabilities exist. Further, monitoring for account takeover risks 24/7 is the best way to detect account takeover attempts and prevent them. Given the number of risks you face just for account takeovers, you’ll sleep better at night if you know that you’re doing everything you can to protect your schools, students, and staff.