Following an increase in phishing emails at the Abbey Multi Academy Trust in Leeds, technical director David Ryder identified a vast number of emails coming from other educational establishments and affiliates. Identifying the potential negative impact of a user ‘falling for’ a phishing email and giving away credentials, along with their ongoing cybersecurity projects, they prioritised work around phishing and mitigating the risk of a breach.
In partnership with Schools Broadband, David Ryder has created a seven-point best practice guide for schools throughout the country. Abbey Multi Academy Trust utilises the Microsoft 365 email system. Whilst some of their actions are specific to this platform, they are transferable to other email systems.
Here are three of the best-practice points they identified:
1. Mandatory phishing training for all staff – Each of our eight academies have had a training session from the head of IT services, providing awareness of phishing emails and the impact of them. This training is to be renewed annually with updated information. A version of this is also provided to students as part of ICT lessons.
Advertisement
2. Mail flow rules – We have created a set of mail flow rules, which we can amend manually when we have suspicious senders or content in the subject/body. This gives us granular control over email blocking.
3. Multi-factor authentication (MFA) – Microsoft offers MFA free for educational licences. Enabling this for all staff accounts across the trust means even if credentials are given away, there is much less risk of an account been accessed.
For more detail on search and destroy, mail access protocols (mail apps), phishing campaigns and training and alerts via 365 Security Centre, please click here.
For more information on Schools Broadband’s award-winning managed security service from Fortinet, please call 01133 222 333 Opt 3 or email info@schoolsbroadband.co.uk
Advertisement
Advertisement
Seven steps MATS and schools can take to prevent phishing attacks
Bob Tomblin
Following an increase in phishing emails at the Abbey Multi Academy Trust in Leeds, technical director David Ryder identified a vast number of emails coming from other educational establishments and affiliates. Identifying the potential negative impact of a user ‘falling for’ a phishing email and giving away credentials, along with their ongoing cybersecurity projects, they prioritised work around phishing and mitigating the risk of a breach.
In partnership with Schools Broadband, David Ryder has created a seven-point best practice guide for schools throughout the country. Abbey Multi Academy Trust utilises the Microsoft 365 email system. Whilst some of their actions are specific to this platform, they are transferable to other email systems.
Here are three of the best-practice points they identified:
1. Mandatory phishing training for all staff – Each of our eight academies have had a training session from the head of IT services, providing awareness of phishing emails and the impact of them. This training is to be renewed annually with updated information. A version of this is also provided to students as part of ICT lessons.
Advertisement
2. Mail flow rules – We have created a set of mail flow rules, which we can amend manually when we have suspicious senders or content in the subject/body. This gives us granular control over email blocking.
3. Multi-factor authentication (MFA) – Microsoft offers MFA free for educational licences. Enabling this for all staff accounts across the trust means even if credentials are given away, there is much less risk of an account been accessed.
For the next four points, click here.
For more detail on search and destroy, mail access protocols (mail apps), phishing campaigns and training and alerts via 365 Security Centre, please click here.
For more information on Schools Broadband’s award-winning managed security service from Fortinet, please call 01133 222 333 Opt 3 or email info@schoolsbroadband.co.uk
Advertisement
Searches for tech courses surge 40% amid COVID-19 pandemic
Across the UK, searches for remote learning tech training and skills development programmes have increased…
Virtual academy sees demand soar in lockdown
The Liverpool-based founder of a virtual academy says that demand for its STEM-focused services has…
Ensuring everyone benefits from technology, free from harm
Lockdown attainment gap could take a year to close
Boosting student engagement through independent, multimodal learning
Personalised learning deemed the biggest barrier to remote teaching