by ManagedMethods CEO Charlie Sander, for Today’s Modern Educator
The way school districts operate is forever changed.
The pandemic forced schools to adapt and increase their use of cloud platforms and cloud activity. Google Workspace and Microsoft 365 became the go-to option to stay connected, and students now have their own device to access their school cloud account. Anywhere, any time.
As the 2021 school year approaches, cybersecurity continues to be the top technology priority. However, CoSN’s The State of EdTech Leadership 2021 Survey Report found that cybersecurity risks are underestimated. The proper steps to protect the expanding cloud environments are not being taken. Not only are districts at risk, but so are the security and safety of everyone using the cloud applications a district provides.
As an IT team, taking the appropriate steps to monitor and control the activity taking place is critical. Here are five steps to take to protect students and staff in the cloud.
Watch for Phishing Activity
Phishing is the top tactic used by cybercriminals to gain access. Therefore, it’s critical to be able to spot phishing early on. This can be difficult, as phishing comes in a variety of forms.
- Spear-phishing: a well-thought-out email designated to specific targets, where an email looks to be coming from a person of power within the school district, making a request.
- Lateral phishing: occurs when an account is compromised, and the attacker can send phishing emails from one school district account to other accounts within the district.
- Malicious third-party apps: a phishing campaign attempting to get students and staff to download, install, or connect a malicious app that compromises an account upon sign-in.
- File attachments: phishing can also be sent using emails containing a malicious file attachment or a file that contains a phishing link to execute the spread of malware. These are more likely to be able to get past traditional email phishing filters.
Phishing attacks have become more advanced and severe. One incident in 2020 cost a district $9.8 million, according to The K-12 Cybersecurity Resource Center’s State of K-12 Cybersecurity: 2020 Year in Review report. The median cost of spear-phishing incidents is reported to be $2 million.
Training students, teachers, and staff to spot these attempts is crucial. They will often be the first point of contact. And once a single person falls for an attack, the phishing can quickly spread. Consistently watching the login activity of students and staff can help detect the unusual behavior indicating a successful phishing attack.