Florida School District Thwarts Phishing and Unauthorized Account Access Attacks
Gadsden County Public Schools is a K-12 district located northwest of Tallahassee, Florida. The IT department of three staff members supports the technology infrastructure and security needs of about 4,500 students and over 850 employees.
Stephen Gauss is the Systems Engineer. In his role, if it touches the network, it has to go through him first. Gauss is also responsible for cloud systems, on-premises servers, and workstation environments. His biggest responsibility is the security of the district’s technology infrastructure and data.
In 2013, Gadsden decided to start making the transition from on-prem software to the cloud. They started by rolling out Google accounts for Gmail, then slowly spread into using other Google Workspace apps. They are also using Microsoft 365 for some of its applications, and a variety of cloud-based EdTech applications such as i-Ready and ABCmouse.
The decision to move to the cloud was mainly based on the ability it provides to rely on other people’s technical expertise. Cloud computing is a more secure and stable option than on-prem IT infrastructure. Vendors focus on the security of the application’s infrastructure, traffic, and operating system. They’re also responsible for uptime and will have a service-level agreement for it, so system administrators don’t have to spend time tinkering with server issues.
Additionally, cloud app vendors usually have their own support staff and a great online knowledge base. For Gauss and his team, that means they don’t have to get a phone call for every support issue that comes up with their users.
“We’re a pretty small group here and there’s a lot of people with different technologies these days. You can’t expect just one person to provide all those services,” says Gauss. “Moving to Google Workspace and other cloud apps is a win because they can provide a lot of services quickly, efficiently, and securely. This allows our team to focus on other priorities.”
But there were also challenges to making the move to the cloud. The initial challenge was the age-old change resistance issue, followed quickly by bandwidth issues. Soon after the bandwidth issues came the cybersecurity issues.
“We started dealing with hackers right around 2013. The first time we were actually affected by an incident—beyond the usual phishing attempts—was when one of our websites was taken down,” Gauss recalls. “It wasn’t an important website and nothing was really impacted. But, boy, was it eye-opening.”
The IT department at Gadsden County Public Schools had antivirus software and a firewall at the edge. Like every school, they also use a content filter for eRate and CIPA compliance. But they quickly realized that they lacked the visibility and control they needed to secure Gmail and Google Workspace.
Gauss, of course, had access to the native security tools provided in the Google Admin Console. But they were insufficient from usability and reporting standpoints.
“Google Workspace has its own scanning system. But it runs in the background and it’s not reported very well,” explains Gauss. “We couldn’t see our overall status and we couldn’t see what was happening. We definitely couldn’t see any attacks coming in or how our users were acting online.”
When they first made their transition to the cloud, they thought that everything was secure and it was being taken care of by Google. This is a common misunderstanding amongst Google Workspace for Education users. While Google is responsible for elements like physical, infrastructure, traffic, and operating system security, customers are responsible for their own data and user access security. This is the standard “shared security” model for all software-as-a-service (SaaS) providers.
As a result of this misunderstanding, the district began to experience issues when users downloaded viruses from their school Gmail accounts. After a couple of incidents, the cloud security vulnerabilities became a headache and the IT team decided to start looking for a third-party security solution.
The team had been researching solutions to their cloud security problem for about a year before they found out about Cloud Monitor. All of the solutions that they came across previously required installing an agent, proxy, or gateway on-premises or in-line on the network.
But Gauss and the team were looking for a lightweight solution that didn’t have to sit on-premises and could be completely managed from anywhere. Cloud Monitor fit all of these requirements and more. It’s lightweight, effective, and hosted entirely in the cloud. Best of all, it’s fast to implement and easy to administer.
Cloud Monitor is a cloud-native cybersecurity and safety platform developed specifically for K-12 schools. The platform uses API integrations and artificial intelligence to monitor school districts’ Google Workspace and Microsoft 365 environments for security risks and student safety signals.
Although over 97% of U.S. school districts use cloud applications for data storage, communication, learning management systems, and more, most continue to rely on perimeter-based firewalls, mail transfer agents (MTAs), and content filters. This is often due to the misunderstanding regarding shared security responsibilities in a SaaS model. Unfortunately, what you don’t know can hurt you—and others.
Cloud Monitor helps schools stay compliant with a variety of federal, state, and local cybersecurity, student data privacy, and student safety regulations. The platform detects and remediates common cybersecurity issues such as phishing and malware attacks, account takeovers, and data loss—whether it’s accidental or malicious.
It also identifies all apps connected to the domain using OAuth and categorizes them by risk level. This feature empowers IT admins with the ability to revoke access, sanction, and unsanction SaaS apps in their environment. Alerts and remediation can be automated using out-of-the-box and customizable policy enforcement.
During their 30-day free audit, the Gadsden IT team discovered that not only does Cloud Monitor simply work, but also that the company’s tech support is responsive and friendly. They also liked that it was fast to implement and that it’s invisible to the end-user.
“Onboarding with Cloud Monitor was easy and straightforward. We didn’t have to make really any changes to our systems or set up,” Gauss says. “And the support is great. Any time there is a question or an issue, they’re right there and it’s taken care of quickly.”
Using Cloud Monitor, Gauss gained the ability to protect his users from phishing attacks and other data security threats in their Google Workspace domain. The platform has also caught several brute force attacks originating from outside the U.S. and is able to disable those accounts quickly and easily.
When Gauss and the rest of the IT team at Gadsden County Public Schools started their journey to find a cloud security solution, they mainly focused on the phishing issues they were experiencing. When they became a ManagedMethods customer in early 2019, they found a platform that protects their users from phishing emails and their Google Workspace environment from unauthorized access.
“Cloud Monitor caught a dozen phishing attempts and disabled a couple of accounts that had logged in from overseas just this morning. We seem to be a high target these days,” says Gauss. “I’m grateful that I have Cloud Monitor to catch and remediate these attacks quickly. The Login Analyzer is particularly helpful because we’re able to see where logins are coming from. There’s no way our small team could stay on top of it all while also supporting our students, faculty, and staff.”
For the IT team at Gadsden County Public Schools, Cloud Monitor also provides peace of mind. Now, they have a centralized dashboard that shows where attacks are coming from, and where they may already exist within the district’s Google domain. They also create policies that automate much of the alerting and remediation work required to cleanse and secure their environment.
“For us, Cloud Monitor is hands-off 99% of the time and doesn’t take many people to run it, which is nice,” says Gauss. “Purchasing Cloud Monitor is one of the best decisions we’ve made and I would recommend it to other IT teams in K-12. It’s definitely worth the investment and, when it comes to protecting our data and users in Google Workspace, Cloud Monitor is the best cloud security solution that we’ve found.”