Using transport rules as a security tool (Part 1)

At a conference last May, I had an opportunity to facilitate a session focused on email security, covering topics such as SPF/DKIM/DMARC/MTA-STS, spam/phishing filtering, message routing, archiving/holds, and more. During that session, I shared the methodology I use to track current trends of spam and phishing attacks rather than relying on the native spam filtering in our email platforms…

It’s the fundamentals that keep you safe

With the increase in cyber attacks against school districts this year, I’ve had numerous vendors attempt to use fear to push their products as a remedy to my cyber woes. In communications with other districts, this seems to be a common thread where already cash-strapped districts are being pushed to purchase more expensive, exotic …

How to Get a Handle on Patch Management

The start of school this year has been unlike any other in the past. The headlines have been littered with school districts who are struggling with email compromise and malware/ransomware attacks. To get a sense of the gravity of the situation, take a quick trip to Twitter and check out Doug Levin’s feed: This …

Guide to the NIST Cybersecurity Framework: A K-12 Perspective

April was recently asked to guest post her guide to the NIST Cybersecurity Framework for K-12 on Doug Levin’s fantastic K-12 Cybersecurity Resource Center. She does an amazing job of outlining and simplifying the content for those of us who don’t enjoy reading the policy equivalent of man pages 😉 You can check out her …

Deploying MFA for staff in a K12 environment

Several different districts have asked me how my large district deployed MFA (multi-factor authentication) to all staff. The short summary is: We don’t MFA prompt when on district property or when using district laptops. We worked with our unions in advance and created exception workflows. We started with our high-risk phishing targets (school …