< Back | Return Home
Turn on Essential Security Features Before It’s Too Late Turn on Essential Security Features Before It’s Too Late

Turn on Essential Security Features Before It’s Too Late

#Security
by Mike Bianco
Mike Bianco Mike Bianco Vice President of Information Security
Read time:

Business email compromise (BEC) is a type of fraud delivered via email, in which the attacker targets a business (or school district). If the attack is successful, they gain access to the district’s email accounts. They can then use these email accounts to access critical business systems like Skyward. In Skyward, they often modify payment information and reroute employee or vendor payments to fraudulent bank accounts. If the changes go unnoticed, you may unknowingly be sending your money to fraudsters.

BEC attacks are increasing. That’s why it’s important to be vigilant and turn on essential security features before it’s too late.

Let’s take a look at four important steps you can take to reduce your district’s chance of falling victim.


1. Learn how to identify signs of BEC

BEC attacks are often discovered by looking for atypical behaviors or events. Here are some red flags to watch out for:
  • Unexplained account password changes
  • Logins at unusual times (the middle of the night, holidays, etc.)
  • Logins from unknown or malicious IP addresses
  • Triggered email security notifications (ACH changes, password changes, new devices added, etc.)
  • Payments made to incorrect bank accounts


2. Protect district email accounts with multi-factor authentication (MFA)

Multi-factor authentication makes it significantly harder for hackers to gain access to your emails. Set up MFA on critical business office email accounts immediately. Then set it up on as many other accounts as you can.

Looking for help? There are two ways to set up MFA in Qmlativ.


If your district uses SMS 2.0, here is how to set up MFA on your email accounts:


3. Restrict security to known IP addresses

You can make it more difficult for people outside your district to access important information by establishing an IP address range for security roles.

If your district uses Qmlativ, use the following link to set up restricted access:

If you use SMS 2.0, here’s how to set up an IP address range:


4. Educate staff

You may have the best defenses in place, but if your staff doesn’t know how to identify a fraudulent email, they may click a dangerous link and open your district up to a host of problems. That’s why it’s imperative to implement a security awareness training program for all employees (and especially those responsible for handling money).

Skyward Technology Solutions has partnered with KnowBe4, the world’s largest integrated platform for security awareness training and simulated phishing attacks.

KnowBe4’s training programs are delivered regularly to employees in bite-sized sessions: think watching a video and answering less than five questions. You can monitor who is actively participating and who skips training. With regular practice using KnowBe4, one district dropped from a 27% phishing test fail rate to a 0.03% fail rate in five months! Interested in learning more? Email Tom Kellnhauser at tomke@skyward.com.


Business email compromise attacks may be on the rise, but by taking steps to secure your accounts and educate your team, you can significantly reduce the chance of falling victim. But don’t wait!

 

Follow-up resource: Level Up Your District Data Protection with the Security Audit Report

Are you sure your Skyward system settings are meeting security best practices? Now you can be! We’re excited to unveil the new Security Audit Report, a free tool you can use to make sure your system and data are as secure as possible.


 



Mike Bianco Mike Bianco Vice President of Information Security


Share this story:
Get started with Qmlativ


Read more articles like this

Qmlativ Spotlight: Translating Family Access Just Got Easier
Qmlativ Spotlight: Translating Family Access Just Got Easier
Safeguarding Data Starts with a Strong Skyward Password
Safeguarding Data Starts with a Strong Skyward Password
5 Free, Can't-Miss Skyward Resources
5 Free, Can't-Miss Skyward Resources
Technology Tips: December 2024 Edition
Technology Tips: December 2024 Edition
Partner Guest Post: A Day in the Life of AI-Enhanced K-12 Procurement: Sarah's Story
Partner Guest Post: A Day in the Life of AI-Enhanced K-12 Procurement: Sarah's Story
Know Your Skyward Support Options
Know Your Skyward Support Options
On the Road with Lauren: Hands, Head, and Heart: Educating the Whole Child... Outside!
On the Road with Lauren: Hands, Head, and Heart: Educating the Whole Child... Outside!
Google Classroom Integration
Google Classroom Integration