| | DECEMBER 20259EUROPEEUROPETECHNOLOGY SOLUTIONS THAT DRIVE EDUCATION SECTOR· Beyond complex password policies and the use of a password manager, districts must implement multifactor authentication (MFA) for their staff as a layered approach to securing the organization's data and systems.· Provide monthly cybersecurity awareness training for all staff, including brief training videos and assessments. In addition to the awareness training, districts must conduct rolling, daily phishing tests to simulate some of the highly used tactics, providing awareness and helping district staff identify and exercise caution when handling suspicious email messages.· Subscribe to various services provided by federal agencies and affiliated entities to complement their cybersecurity posture.Unfortunately, no technology system on the market today can provide 100 percent prevention against malicious activity, eliminate all risks, and circumvent human decision-making. So, even with the above various solutions and protective measures in place, the best prevention to ward off malicious activity by a threat actor is education. Since most malicious activity is often delivered via email, end users must exercise caution when responding to email messages. Districts should encourage their users to:· Slow Down and Look for the Visual Cues - Take a few moments to examine the message sender and contents.· Never Trust and Always Verify--If the message appears to be from a reputable source but the content appears strange, contact the individual in a different manner rather than email to verify if this was from them or not.· Think Before You Click - Before clicking the link(s) in a message or downloading attachment(s) accompanying the message, ask, "Do I trust the source?" or "Was I expecting this message?" or "Is the content/attachment included something that pertains to me?".· When in Doubt, Throw it Out - If users don't feel comfortable acting on a message they receive, they should delete it. If the message is legitimate and essential, the sender will most likely contact them through another communication medium for follow-up.Cyber actors will do whatever they can to deceive individuals for their gain or benefit, and email is usually the attack method they choose to achieve this fraudulent activity. For cyber actors, phishing email activity is low risk and, if successful, high reward, and there is usually no recourse to undo the damage caused. Cybersecurity is a natural, significant threat to school systems. Everyone is responsible for safeguarding personally identifiable information about students, faculty, staff, and financial accounts containing taxpayer resources from falling into the wrong hands. Cybersecurity is a natural, significant threat to school systems. Everyone is responsible for safeguarding personally identifiable information about students, faculty, staff, and financial accounts containing taxpayer resources from falling into the wrong hands.
< Page 8 | Page 10 >