For most people who work in K-12, summer brings a sense of relaxation and relief from the day-to-day stresses that we have seen over the past 10 months particularly during this extraordinary COVID-19 school year.
Although we can let our hair down on some things, cyber security is something that we need to stay diligent about to keep on top of the threats we encounter online. I assure you cyber criminals are not taking the summer off.
Phishing continues to be one of the most effective methods that criminals utilize to harvest credentials – because it continues to work. According to research conducted by the ECNO Regional Information Security Analysts team, five to 10 per cent of employees are still being tricked when asked via email phishing campaigns to provide their full credentials, regardless of how obvious the indicators in the message are, or how well crafted.
These scary stats really speak to the need for school boards in the province to further protect user identities. Multi Factor Authentication must be adopted at a higher rate in our boards, not only enforced by our school board IT departments but by users themselves: staff need to take ownership in asking that their accounts be protected and enabling additional security controls on their own. We all need to do our part in the protection of login credentials. It is not enough for users to rely on the enforcement of controls to do so.
A few easy steps can start the process. Good password creation techniques, being diligent to not provide our names and passwords to anyone (except of course the services we know are safe and supported), using multi factor authentication, staying alert and suspicious and not feeling embarrassed to ask an expert in your board’s IT department if you are not sure – all need to become second nature for everyone. These principles can also be applied to your personal life.
I would like to take this opportunity to wish everyone a safe and happy summer. Enjoy any time off you may take. September will be here before you know it.
By Steve Payne
Steve Payne is ECNO’s Provincial Information Security Officer