Start by informing educators of basic red flags to look for in emails:
- District’s name is misspelled
- Sender’s domain is generic (e.g., @gmail.com) instead of the district address
- Generic greetings don’t address the recipient by name
- Message is filled with spelling or syntax errors
- Footers include links to vendors that aren’t district-approved
Fight Against “Consent Phishing” with Targeted Security Training
Training needs to focus specifically on the types of phishing emails these hackers frequently send to K–12 school districts. Hackers often target schools with a strategy known as “consent phishing,” in which bad actors trick school faculty into granting permissions to malicious cloud apps, which the attackers then use to gain access to the user’s legitimate cloud services. This differs from traditional phishing, which involves hackers crafting convincing emails that link to fake landing pages where users enter sensitive information.
With consent phishing, user sign-in takes place at a legitimate identity provider, rather than a fake sign-in page. Educators need to be aware of the applications within their school’s ecosystem, and system administrators need to be aware of and evaluate consent requests.
“Consent phishing attacks are a specialized form of phishing, so they require a comprehensive, multi-layer defense,” notes one Microsoft blog.
Cloud Security Tools and Practices K–12 Schools Need
The first layer of defense should include multifactor authentication and identity management solutions, which require a user to provide an ID, a password and a third identifier, such as a badge or a biometric marker, to access the network. However, MFA alone may not be enough to keep schools protected.
Employees should be trained regularly on the latest threats, and schools may do well to give system administrators control of third-party app permissions and approvals.
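One way an administrator could triage consent requests and existing third-party app grants, shown as an added example that is not from the original article or any vendor's tooling. The record layout, app names and approved list are constructed assumptions; the scope names follow Microsoft Graph's delegated permission naming.

```python
# Added example: triage third-party OAuth consent grants for administrator review.
# The record layout, app names and approved list are constructed for illustration.
APPROVED_APPS = {"District LMS", "Gradebook Sync"}  # hypothetical district allowlist

# Delegated Microsoft Graph scopes that expose mail or files to the app.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.ReadWrite.All", "MailboxSettings.ReadWrite"}

def review_grant(grant):
    """Return (verdict, reasons) for one consent grant record."""
    scopes = set(grant["scopes"].split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    approved = grant["app"] in APPROVED_APPS
    reasons = []
    if not approved:
        reasons.append("app is not on the district-approved list")
    if not grant["publisher_verified"]:
        reasons.append("publisher is unverified")
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
        if "offline_access" in scopes:
            reasons.append("offline_access lets the app refresh tokens without the user present")
    if not reasons:
        return "allow", reasons
    if risky and not approved:
        return "block", reasons  # unapproved app asking for mail or file access
    return "review", reasons

def triage(grants):
    """Group app names by verdict so admins see the riskiest grants first."""
    result = {"block": [], "review": [], "allow": []}
    for grant in grants:
        verdict, _ = review_grant(grant)
        result[verdict].append(grant["app"])
    return result

# Constructed sample grants (not real tenant data).
SAMPLE_GRANTS = [
    {"app": "District LMS", "publisher_verified": True, "scopes": "openid profile User.Read"},
    {"app": "Free Grade Helper", "publisher_verified": False, "scopes": "Mail.Read Mail.Send offline_access"},
    {"app": "Gradebook Sync", "publisher_verified": True, "scopes": "User.Read Files.ReadWrite.All"},
    {"app": "Quiz Timer", "publisher_verified": True, "scopes": "User.Read"},
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        verdict, reasons = review_grant(g)
        print(f"{verdict.upper():6} {g['app']}: {'; '.join(reasons) or 'no findings'}")
```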
Schools would benefit from implementing a zero-trust security framework that operates on the premise that every interaction or transaction begins in an untrusted state. Zero trust requires that all users be authenticated, authorized and continuously validated for security configuration and posture before being granted or maintaining access to applications and data.
Schools that use Google Workspace have built-in cloud security, including identity and access management tools and a security alert center that notifies administrators of potential issues. Workspace also includes Vault, an information governance tool that lets admins retain, hold, search and export users’ Google Workspace data.
Organizations such as Unit 42 by Palo Alto Networks have sounded the alarm on security risks to cloud applications, offering products and services designed to mitigate potential issues. The organization’s advanced URL filtering services are designed to automatically detect and prevent new malicious and targeted web-based threats.
External audits of the school’s security policy should be part of the plan to protect users from consent phishing. Districts can bolster their cybersecurity policies by adopting cloud security posture management solutions, which provide governance, risk management and compliance capabilities for cloud environments. CDW’s CSPM tools can examine an organization’s security configuration, then work to find gaps in protection by comparing against security frameworks such as the National Institute of Standards and Technology Cybersecurity Framework.