Malicious actors will often target the education sector because it is likely that a portion of the student population is not trained well enough to catch and report attempted phishing attacks. This means that with enough time and effort, hackers can gain access to a student or teacher account and begin siphoning their personal information before scouring the network for weak points. Schools and universities can take proactive approaches to help reduce the likelihood of successful phishing attacks on their network, and we want to talk about some of the best practices schools can begin implementing today.
Training for Staff and Students
The first step to improving a school’s defenses against phishing is implementing cybersecurity training for staff and students. When a new student accesses their account, they should be given the training they need to help them avoid clicking on malicious links, falling for fake password reset requests, and accepting authentication requests they didn’t make. Additionally, they should be given exit training that explains how their school accounts are at risk after graduation. Staff for the school should also undergo cybersecurity training to ensure they know how to report suspicious activity to IT and handle information appropriately. Overall, regular training should be provided that addresses education related cybersecurity threats in a way that helps build the learner’s cyber literacy over time.
Multifactor Authentication
One more step schools can take to protect their staff and student accounts is requiring multifactor authentication (MFA) for every account on the network. Students and staff should become accustomed to regularly authenticating when they log in on new devices and periodically re-authenticating on their primary devices. The MFA service should have a cap on the number of authentication requests that can be sent in a short period of time to avoid fatigue attacks on students. Additionally, schools should prioritize MFA services that make it easy to onboard new accounts and scale well as the student population grows at the beginning of each academic year.
IT Consultant for Education
To further improve the school’s cybersecurity defenses against phishing attacks, our team recommends working with a local IT consultant. Outsourcing some of the work a school’s IT team handles can free the team up for tasks that focus on making the network and the accounts on it more secure. IT consultants can also provide outside resources that help upskill employees or offer services that complement the IT infrastructure already onsite. Training and helpdesk services for school staff can also be outsourced to an IT consultant, helping with the workload placed on the IT department. Most importantly, many local IT consultants can help schools find technology they need at affordable prices.
Summary
Schools and universities have a difficult task in protecting all of their staff and students from year to year, and a single compromised account can cascade into a harmful cybersecurity event. To prevent this, the proper training should be implemented with protective services like an MFA. Schools should also work with a trusted IT consultant to augment their staff, provide beneficial services, and aid the school when things go wrong. Our team here at Robinett Consulting value the schools in our community, and our specialists are always ready to provide schools with a complimentary consultation to see how we can help improve your cybersecurity posture and prevent phishing attacks!
