Following an increase in phishing emails during summer 2018, David Ryder, Technical Director of Abbey Multi Academy Trust in Leeds, identified a vast number of emails coming from other educational establishments and affiliates. Identifying the potential negative impact of a user ‘falling for’ a phishing email and giving away credentials, along with their ongoing cyber security projects, they prioritised work around phishing and mitigating the risk of a breach.
They created a seven-point best practice guide for schools throughout the country. Abbey Multi Academy Trust, utilise the Microsoft 365 email system. Whilst some of their actions are specific to this platform, they are transferable to other email systems.
Here are the seven points they identified:
1. Mandatory Phishing Training for All Staff – Each of our 8 academies have had a training session from the Head of IT Services, providing awareness of phishing emails and the impact of them. This training is to be renewed annually with updated information. A version of this is also provided to students as part of ICT lessons.
2. Mail Flow Rules – We have created a set of mail flow rules, which we can amend manually when we have suspicious senders or content in the subject/body. This gives us granular control over email blocking.
3. Multi Factor Authentication (MFA) – Microsoft offers MFA free for educational licences. Enabling this for all staff accounts across the trust, means even if credentials are given away, there is much less risk of an account been accessed.
4. ‘Search and Destroy’ – When users report a suspicious email, we have a developed a procedure where any of our infrastructure team can quickly search the entire email system for similar emails and then purge them. The procedure enables a full system search and purge in under 5 minutes. In most cases, phishing emails which go through this procedure are removed from inboxes before the user has even seen it.
5. Mail access protocols (Mail Apps) – As with most email systems, 365 allows access to a mailbox via different protocols. We have denied access via SMTP/POP/IMAP for all users. This stops automated systems accessing a mailbox and sending out emails from that user.
6. Phishing Campaigns and Training – We run regular internal campaigns, whereby we send customised phishing emails. We collate the data which shows us details on the users who have fallen for the phishing email. We use this data to target training sessions and awareness material.
7. Alerts via 365 Security Centre – An additional module for 365 is the security and compliance centre. Part of this system allows us to create policies and rules which the alert us to suspicious activity within the email tenant. These alerts can help us identify users who may have fallen foul of phishing, therefore starting a lockdown/repair of breached accounts.
For more information on some of the industry’s best, yet easy to manage network security for schools, contact 01133 222 333 I firstname.lastname@example.org