Email Compromise

Preventing Business Email Compromise in Our Public Schools

By Matt Komac, Assistant Director of PC Pool Operations

 

MSGIA has observed a significant increase in Business Email Compromise (BEC) incidents targeting our members. These attacks pose a growing threat as cybercriminals exploit school employees to access funds and sensitive data. A single compromised email account can trigger fraudulent wire transfers, data breaches, and costly cyber insurance claims. To reduce these risks, implementing Multi-Factor Authentication (MFA) remains a critical safeguard.

 

Understanding the BEC Threat

BEC attacks typically begin with phishing emails that trick employees into disclosing their login credentials. Once an attacker gains access to an email account, they can impersonate school officials, vendors, or finance personnel to manipulate staff into transferring money or disclosing confidential information. Because schools handle high volumes of financial transactions and student data, even one successful attack can have devastating consequences.

 

Why MFA Is Essential for Risk Mitigation

MFA strengthens account security by requiring users to verify their identity through two or more authentication factors: something they know (a password), something they have (a phone or security key), or something they are (biometric data). Even if an attacker steals a password, they can’t gain access without passing the second authentication step. Implementing MFA significantly lowers the risk of unauthorized access and protects districts from financial loss and regulatory penalties.

 

Steps for Implementing MFA in Schools

  1. Mandate MFA Across Critical Systems – Require MFA for all district email accounts, financial software, student information systems, and administrative portals.
  2. Educate Staff on Cyber Threats – Offer regular training sessions that help employees recognize phishing tactics and understand how MFA prevents cyber incidents.
  3. Continuously Monitor for Suspicious Activity – Set up alerts for unusual login attempts or access patterns to detect potential breaches early.
  4. Strengthen Internal Policies and Verification Procedures – Enforce strict protocols to verify financial transactions and personnel requests, minimizing the chance of fraud.
  5. Evaluate Conditional Access Policies – Some districts may opt to relax MFA for users accessing systems from trusted networks or IP addresses. However, review these exceptions carefully to prevent internal exploitation.

 

Reducing Liability and Preventing Cyber Claims

By proactively adopting MFA and building cybersecurity awareness, districts can reduce their risk of BEC attacks. These efforts not only safeguard school finances but also help avoid costly insurance claims, ensure compliance with data protection laws, and preserve public trust. As cyber threats grow more sophisticated, schools must take a risk-based approach to security to protect resources and maintain uninterrupted operations. Return to newsletter