Email is a primary entry point for cyber attacks against schools and universities, with phishing in particular remaining a major threat, according to a Government Technology article.
Phishing emails continue to become more sophisticated and often contain links designed to have users reveal credentials. Those credentials can give broader access to systems and be used in ransomware campaigns. Generative AI complicates detection by making emails, graphics and computer-generated content more convincing.
An Oregon school district in February caught and corrected a phishing campaign that used a web form intended to capture user information, as reported by the Corvallis Gazette-Times. Leaders said that they’d been working for three years to strengthen their cybersecurity posture, and employee training was part of that work.
Since credential theft is a common goal, multifactor authentication (MFA) remains a baseline defense. Attackers aren’t after the credit cards of elementary school students, but they are looking for disruption, ransom or higher-level access. MFA can help stop them.
At this year’s Consortium for School Networking conference, North Kitsap Public Schools in Washington shared how it implemented MFA for students. For many districts, budget or staffing remain barriers. Districts might benefit from shared services or statewide offerings, but a combination of training, credential protection and collaboration can help reduce the risk and impact of attacks.
“Not everybody is trained in this, so it’s a continuing education effort,” says one security expert. “I think that the repetitive nature is what’s important.”
Government Technology
