In this digital age, the lines between the virtual and the real world are increasingly blurring. We’ve all heard tales of a friend who got hacked. Perhaps, you’ve even been a victim yourself? As educators, navigating this digital world is hard enough without having to manage a cyber attack on top! Multi-Factor Authentication (MFA) is one very simple way to add an enhanced layer of safety to your school’s systems. In this article, we shall briefly look at why adopting MFA is not just a choice, but a necessity in the educational sector.
The Rising Tide of Cyber Threats in Schools
Schools have unfortunately become a fertile ground for cyber-attacks, with an alarming surge in incidents leading to the loss of sensitive pupil and employee data. On top of that schools can then face crippling periods of system downtime. It seems like every week there is another school hit by a cyber attack. And it’s not just about safeguarding data; it’s about preserving trust and ensuring the safety of our children. If a school gets hacked, that hacker now has our kids data – and that’s a parent’s nightmare!
One of the main attack vectors for hackers is the email account. Even in the smallest school, email is now a fundamental communication tool, linking staff, governors, students and parents alike. Kids get their homework over email. Parents get bombarded with comms about uniform, information evenings, facts about bananas being herbs and not fruit (this is true btw). It’s unrelenting! However, this connectivity comes with a downside. Email accounts can be accessed globally, providing cyber criminals with a golden ticket to infiltrate school systems from anywhere in the world. If these accounts are left insecure, say by a compromised password, then it’s not just that email account that is now compromised, it’s every system linked to that email – every system! The hacker can find all the systems associated with that email and then reset the password. They then own everything. They can also change the password of your email account so you’re locked out completely. Teachers don’t need this hassle!
So what is needed is a way to stop email accounts from becoming compromised. One way to do this is to keep changing the password…every 60 seconds…the hacker will have no chance if the password changes every 60 seconds.
Change my password every 60 seconds – That’s a bit extreme?!?
So you want teachers to change their password every 60 seconds? That’s not practical. It’s not possible. The thing is, it is possible – and it’s very easy to do! All you need to do is set up Multi-Factor Authentication (MFA) on your email account and you have done just that.
Before we move on, let’s quickly unravel the magic of MFA, Basically, it’s a digital sentinel that stands vigilant, protecting online systems like your email account. Imagine having a vigilant guard who verifies the identity of anyone trying to enter your school. MFA functions on a similar principle, generating a unique six-digit token every 60 seconds through a simple app on your phone. This minor addition to your login process can be a major roadblock for hackers, keeping your digital assets safe and secure. You probably already use MFA with your bank too. Just as you accept MFA to keep your money safe, parents (like me) want you to use MFA to keep their kids safe. But I also know you can’t do it alone, you need tech support!
Tailoring MFA to Your Needs: A Note to the IT Teams
For the IT teams guiding schools on how to use EdTech safely, integrating MFA into the procurement of licences must be a priority, as does setting MFA up in a way that balances risk with usability. Various levels of licences, such as those offered by Microsoft, provide for a customised approach to MFA, enabling features like conditional access that will only force MFA when a teacher is outside the school network or on untrusted devices can materially increase adoption. Yes, it might be more complex than the traditional logon process, but it’s so worth it compared to the impact of a major cyber attack. After all, the IT team will be at the coal face should that attack occur.
Summing Up
Implementing MFA is a necessity in the education sector. It’s not just about protecting data; it’s about upholding the sanctity of our educational institutions. I know many teachers are not techies. I know that teachers lives are stressful enough without making things more complicated. But embrace MFA. Take a stand against cyber threats and pave the way for a safer, more secure digital future for our children – and thank you for all the hard work you put in – you are very much appreciated!
About Fox Red Risk
Fox Red Risk is a boutique data protection and cybersecurity consultancy and Managed Security Service Provider which, amongst other things, helps client organisations with implementing control frameworks for resilience, data protection and information security risk management. Call us on 020 8242 6047 or contact us via the website to discuss your needs.
