Following an increase in phishing emails at the Abbey Multi Academy Trust in Leeds, technical director David Ryder identified a vast number of emails coming from other educational establishments and affiliates. Recognising the potential negative impact of a user ‘falling for’ a phishing email and giving away credentials, the trust prioritised work on phishing and on mitigating the risk of a breach, alongside its ongoing cybersecurity projects.
In partnership with Schools Broadband, David Ryder has created a seven-point best practice guide for schools throughout the country. Abbey Multi Academy Trust utilises the Microsoft 365 email system. Whilst some of their actions are specific to this platform, they are transferable to other email systems.
Here are three of the best-practice points they identified:
1. Mandatory phishing training for all staff – Each of our eight academies has had a training session from the head of IT services, providing awareness of phishing emails and their impact. This training is to be renewed annually with updated information. A version of this is also provided to students as part of ICT lessons.
2. Mail flow rules – We have created a set of mail flow rules, which we can amend manually when we have suspicious senders or content in the subject/body. This gives us granular control over email blocking.
3. Multi-factor authentication (MFA) – Microsoft offers MFA free for educational licences. Enabling this for all staff accounts across the trust means even if credentials are given away, there is much less risk of an account being accessed.
For more detail on search and destroy, mail access protocols (mail apps), phishing campaigns and training and alerts via 365 Security Centre, please click here.