School Fraud Alert
For all Headteachers & School Business Managers
Information to all SBMs and Headteachers provided by Digital Services on how to limit the risk of an email compromise.
Schools should consider implementing controls such as:
Email security/filter:
- This can help with scanning malicious links and attachments prior to delivery to end users; so users can be warned of potentially dangerous activity before taking any action.
- Outlook mailbox rules can be restricted so that only IT admin can implement mailbox rules – this makes it easier to detect any suspicious activity, rather than filtering everything into another folder.
- Implementation of a process where users must raise a request to create a mailbox rule can be another measure to put in place.
Account security:
- All accounts should use strong passwords (minimum of 12 characters with mix of numbers, letters and special characters) – Three random words is best.
- Multi-factor authentication – Using a mobile authenticator app with a time-based token is currently the most secure method to use (e.g. Microsoft authenticator app)
Access Control rules/policies:
- These should be reviewed to ensure that access to accounts is only allowed from specified locations – Typically threat actors will operate from remote/overseas locations when they compromise an account, so this would help prevent compromise.
General Internet Use:
- The use of social media sites and using business email addresses for non-work related purposes can be a means for hackers to gain information on user accounts within an organisation (e.g. naming conventions). Threat actors are constantly trawling through 3rd party sites to look for weaknesses etc. These sites often suffer from data breaches, so ‘digital footprint’ of business accounts should be kept to a minimum.
Further guidance can be obtained from the National Cyber Security Centre: https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools