Endpoint Security Solutions Protect K–12 Schools Against Phishing Threats

“If you open that email with the malicious file attached, EDR is going to catch it,” Werfal says. “It will instantly flag it, notify our security team, and shut your computer down so the file can’t do anything.”

The technology has given Werfal and his colleagues room to breathe as they engage in what sometimes feels like hand-to-hand combat with a constant stream of bad actors. “It’s an answer, along with multifactor authentication, to the No. 1 issue that we face, which is the human element of cybersecurity,” he says. “We can take all the precautions we want, but people eventually make mistakes.”

Defending Easy Targets With EDR and XDR

Whether it’s teachers, students or district staff, no one is invincible to the daily barrage of scams designed to get hackers into their schools’ networks.

IT leaders know this, of course, but so do the attackers. A 2025 study by the Center for Internet Security that examined 18 months of cyberthreats beginning in July 2023 found that “human-targeted” threats outnumbered other attack vectors by at least 45%.

DISCOVER: Get insights from security pros in the CDW Cybersecurity Report.

“People are easier to attack,” says Amy McLaughlin, project director with CoSN’s Cybersecurity and Network and Systems Design initiatives. “Compared with developing software code and working your way into systems from the outside, any kind of social engineering is a much faster way to get in the door.”

When attackers have already made their way to users, IT teams look to EDR technologies that focus on endpoints and extended detection and response solutions (known as XDR) that take it a step further by analyzing data from network traffic and other sources. “They alert, lock down and clean up threats through automation driven by machine learning,” McLaughlin explains. “They take something that would normally be a massive lift and make it a daily operation.”

One district leader who knows something about massive lifts is Brad Jessen, IT director at Tuscaloosa County School System in Alabama. Jessen heads a team responsible for securing the devices of more than 19,000 students and 2,400 faculty and staff across 35 K–12 schools. “Not a day goes by that we don’t use our protocols for investigating and mitigating phishing incidents,” he says.

The only way they do so without breaking at the seams is by relying on a range of cybersecurity solutions from Barracuda Networks, including Barracuda Email Protection. The product features an incident response tool that automatically identifies any suspicious emails that get through its filters and into users’ inboxes.

LEARN MORE: Security technologies should be paired with user education in K–12 environments.

As threats are detected, Jessen’s team is alerted, “and we can automatically remove all instances at once with just a few clicks,” he explains. The tool also allows him and his colleagues to isolate the devices of end users who happen to click on malicious links and to automatically deliver instructions explaining what they need to do next. “It gives us everything we need for remediation and to prevent the attack from doing damage to our network.”

The district provides regular training to all employees that includes simulated phishing attacks to test user awareness of such threats. “It’s about reminding people that they have to stay vigilant,” Jessen says. “We’re all going to have bad days, but it’s important that we try to keep them to a minimum.”

Endpoint Detection and Response Stops Hackers in Their Tracks

A need for increased vigilance was one of the top drivers for Jordan School District’s adoption of EDR and XDR tools in 2021. One of the largest K–12 districts in Utah, JSD includes 68 schools, about 57,000 students and just over 7,000 employees.

The district faces challenges just like any other in its never-ending battle with cyber adversaries looking for access to potentially valuable data. The hackers come from every direction, says David Bowman, JSD’s systems and security manager, and they tend to target email accounts because they know that doing so can be profitable.

“I literally push off 4 million attacks a day coming from Russian IP addresses,” he says. “It sounds hyperbolic when you hear things like ‘the Russians are hacking schools,’ but the reality is, it’s absolutely true.”

Source: Center for Internet Security, “2025 CIS MS-ISAC K-12 Cybersecurity Report: Where Education Meets Community Resilience,” March 2025

In JSD’s case, Bowman says, the district turned to Trend Micro as it looked to keep up with a rapidly evolving security landscape. “It was ‘OK, what happens once they get in? How do we stop them from getting any further?’”

The company’s EDR/XDR capabilities are included in its enterprise-level cybersecurity platform. Soon after JSD implemented the system four years ago, it successfully stopped three ransomware attacks and saw phishing attempts decrease by about 50%.

Bowman says the platform’s detection and response solutions monitor the district’s systems 24/7, like a neighbor keeping an eye on a house down the street. “She knows it’s totally normal on the weekend for you to leave your garage door open all day, but if she sees that it’s open on Saturday night, she’s probably going to give you a call.”

With EDR and XDR, Bowman and his team are automatically alerted to any abnormalities and equipped with the tools to react. “People click on bad things,” he says. “This gives us a chance to fix those mistakes.”