I was watching a panelist discussion post-mortem discussing firsthand knowledge of 25 major ransomware-style breaches. One of the panelists was an award-winning, ex-NSA offensive hacker. One item that was stressed as a common theme across many breaches was credential theft being the number one way bad people get into the network. An area they specifically pointed out as a major threat was fake, online sign-on screens for your various online services such as Microsoft and Google.
Microsoft is notorious for flipping those "sign in again" screens over and over. I have to admit that sometimes my brain fogs out and my eyes glaze over as I am frustrated that I once again have to sign in and it will probably fight with me about my password and ID.
The bottom line is that can't happen.
When those screens pop up, you have to look at the address before you start typing anything.
Installing multi-factor authentication so that our IDs and passwords are not good enough is the next level defense against these types of attacks.
If you haven't done so already, you need to be committed to implementing a multi-factor authentication system for all major internet-facing resources and for accessing the district remotely via VPN, email, or any remote access platform you have in place.
You must teach your staff to reach out to your help desk if it is not obvious to them that they are looking at the real sign-on screen. Teach them to bookmark the key sites they use vs. using an online search engine to find commonly used links.
Microsoft has issued its own warning about these attacks:
We are happy to work with you in assessing and implementing this higher standard in end-user authentication. Give us a call and we'll figure out what needs to be done.