Discover tips for establishing a simple, secure learning environment for your school.
This October, many education institutions are celebrating Cybersecurity Awareness Month, an effort to encourage actions to reduce online risk and generate discussion on cyberthreats both nationally and globally. This year’s theme, “Secure Our World,” helps organizations consider the importance of taking daily action to reduce risks when online and using connected devices. To assist your efforts, we’re sharing three tips for IT professionals on ways to boost cybersecurity in your school community.
As an IT professional, your role is vital in protecting sensitive school data, securing devices, and maintaining safe learning environments. Microsoft cybersecurity solutions like passwordless multifactor authentication (MFA), Defender for Endpoint P2-Students, and Copilot for Security are designed to help you defend your school’s devices and data. Additionally, information from the latest Cyber Signals report can assist in creating a secure environment that persists through any cybersecurity challenges that might arise.
Assessing the cyber signals in K-20 education
The latest edition of Microsoft’s Cyber Signals report covers cybersecurity challenges facing classrooms and campuses everywhere and the urgent need for robust defenses and proactive security measures. The digital footprint made by schools, colleges, and universities has multiplied exponentially—from virtual classes to classified research stored in the cloud—requiring IT professionals to remain vigilant and focused on emerging cyberthreats.
Education continues to be one of the most targeted industries for cyberattacks and social engineering exploits that trick people into disclosing personally identifiable information (PII). According to the report:
- Education was the third most targeted industry for cybercriminals over the past three months. The US had the greatest threat activity.
- Over 15,000 phishing messages with malicious QR codes were sent each day to people in the education sector.
- Higher education institutions encounter an average of 2,507 cyberattacks each week.
These signals reinforce what you already know: the education community is the “tip of the spear” for cybercriminals because of its data-rich environments, legacy infrastructure, and the security risks created by people who are often extremely busy. Despite these hurdles, there are steps you can take to strengthen your institution’s security posture. Discover a few tips that you can implement today.
1. Secure all accounts with passwordless MFA
K-12 schools, colleges, and universities are increasingly adopting passwordless MFA as a more secure way to protect accounts when people like young students don’t have a phone or secondary device. The solution uses MFA techniques and a temporary access pass (TAP) for verification, eliminating the chance of a weak, overused password becoming compromised.
Passwordless authentication also helps create efficiencies and saves you time. Your students, faculty, and staff don’t have to remember complex passwords, and you spend less time resetting passwords when they are forgotten.
PII, such as social security numbers (SSNs) in the US, are attractive for cybercriminals to steal from K-12 school districts because the relatively little-used SSNs of a child might be usable for widespread fraud well before the identity theft is detected.
Cyber Signals Issue 8, October 2024
Microsoft Entra ID can enable passwordless MFA for everyone at all education levels using device-bound services like Windows Hello that aren’t transmitted or stored on outside platforms. This type of MFA involves sharing a TAP that onboards students to passwordless sign-in methods. Even if a cybercriminal steals a TAP, they can’t access the account on another device because of the device-bound requirements.
By adopting passwordless MFA, your school or institution can enhance overall security and also meet the stringent requirements for cyber insurance. K-12 schools can also take advantage of funding opportunities like the FCC’s $200 million Cybersecurity Pilot Program for schools in the US.
To get started using passwordless MFA for students, check out these resources:
2. Secure student devices with Defender for Endpoint P2-Students
Students face cyberthreats when they use a connected device, browse the Internet, or check their messages—even if the cyberthreats aren’t apparent to them. Cybercriminals are pivoting to new attack methods like using QR codes to deliver malware through email and even campus fliers. This opens new security loopholes because QR codes are often scanned with unprotected personal devices.
Recently the United States Federal Trade Commission issued a consumer alert on the rising threat of malicious QR codes being used to steal log-in credentials or deliver malware.
Cyber Signals Issue 8, October 2024
You can ensure secure learning experiences with Microsoft Defender for Endpoint P2-Students. This highly discounted, comprehensive solution secures endpoint devices with industry-leading, multiplatform threat detection and response. It works in concert with Microsoft 365 to stop phishing, ransomware, and malware even if the attacks originate from a nontraditional method like a QR code image. With Defender for Endpoint P2-Students, you’ll be able to:
- Detect and prevent threats.
- Disrupt attacks automatically.
- Offer more secure web browsing.
- Encrypt device data and protect privacy.
- Maintain security with continuous updates.
By implementing Defender for Endpoint P2-Students, your school can significantly enhance its cybersecurity posture while giving students the protection they need to learn in a safe digital environment.
Explore this tool in more depth in Defend against threats with Microsoft 365, a learning path designed to help you use Microsoft Defender to the fullest.
3. Extend your threat-fighting capabilities with Copilot for Security
Cybercriminals often target sensitive financial, health, and personal data stored by schools and institutions alike. The consequences of a data breach in higher education are particularly worrisome—many universities handle federally funded research and sensitive intellectual property that’s valuable to nation-state actors. Unauthorized access not only puts institutional security and reputation at risk, but it also can have implications for our nation’s security when the data is part of a defense contract or when the research involves intellectual property from a company sponsor.
The types of threats that we’re seeing, the types of events that are occurring in higher education, are much more aggressive by cyber adversaries.
David McMorries, Chief Information Security Officer at Oregon State University
Copilot for Security can help you discover, analyze, detect, and remediate your organization’s cyberthreats. Simply ask Copilot a question, and it will return an actionable response in seconds that helps you tackle common security tasks. Copilot for Security allows you to effortlessly and seamlessly:
- Analyze threats.
- Learn about security incidents.
- Generate profiles of threat actors.
- Summarize threat intelligence.
- Create policies and configure devices.
- Discover users who might be at risk for data exploitation.
By integrating Copilot for Security into your daily operations, you receive customized guidance based on signals from each of your security tools and Microsoft’s industry-leading threat intelligence. It also minimizes much of the research and legwork that goes into investigating and remediating cybersecurity issues which saves you time so that you can focus on other IT responsibilities.
Use the Get started with Microsoft Copilot for Security learning path on Microsoft Learn to discover how Copilot for Security helps IT professionals address end-to-end cybersecurity scenarios. Looking for ways to empower your student-led security operations center (SOC) with security AI? Check out these best practices for maximizing the potential of your student-led SOC with Copilot for Security.
For Cybersecurity Month 2024, explore Microsoft solutions like passwordless MFA, Defender for Endpoint P2-Students, and Copilot for Security to help you stay ahead of emerging threats. To build practical skills, dive into learning paths for IT professionals to gain in-depth knowledge about all of our cybersecurity, compliance, and identity solutions. These tools and resources can support you in securing your school’s digital infrastructure and creating a safer learning environment one step at a time.