Top tips for improving resilience to email threats

It’s important to include ākonga in email security plans.

Because we use email every day, and we often use passwords to access it, email can feel safe and secure. But, unfortunately, that isn’t always quite true.

Recent CERT NZ stats(external link) report that phishing and credential harvesting are the most common types of scam New Zealanders fall for by a long shot, and they’re almost always executed via email.

It’s important to remember that opening malicious emails, unintentionally sharing personal data, or accidentally clicking on unsafe links could put your network at risk and expose sensitive data belonging to ākonga or kaiako.

Email protection starts with people 

According to a 2020 study by Stanford Research, nearly nine out of 10 cybersecurity breaches involve some type of human error. That’s why a school or kura email security plan needs to include ākonga, kaiako and anyone else using email on the network. 

2020 study by Stanford research(external link)

It shouldn’t be complicated – for example, educating and reminding users about the signs of an unsafe email – letting them know what to do if they spot one. 

Spot the signs: 

• No name – the email doesn’t address you by name, or it uses your email address in the name field.
• Hidden sender – the purported name of the sender (for example, Amazon) is inconsistent with the email address. Check the email address is consistent with the sender’s name by hovering over the ‘from’ field in your inbox. If you don’t know the email address, don’t trust it or open it.
• Incorrect language – the email uses bad grammar or spelling, odd phrasings, or unusual word choices. 
• Personal requests – the email asks for personal information, money or bank details, even if it seems to come from someone you know. Double-check any requests over the phone or in person before you reply. 
• Strange attachments – email attachments ending with extensions like .exe, .bat, .scr or .com indicate that the file is designed to actively run a program on your computer. 
• Hidden links – links within the email are masked to hide their location – check this by hovering over the link and reading the URL before you click. 

A team effort with layers

Keeping schools and kura safer online is a team effort and we all have a role to play. Schools should stay on top of their own cybersecurity, engage in continuous education for kaiako and ākonga, and raise awareness of good digital citizenship.

With email threats, standard cybersecurity systems and spam filters can help keep schools and kura safer. In addition, an email security service, such as Network for Learning’s (N4L) Email Protection, can help filter out advanced threats.

You can increase your cybersecurity resilience by proactively implementing multiple layers of protection. 

Keeping schools and kura safe online is a team effort.

Stopping millions of emails at the source 

N4L provides internet and cybersecurity products and services to state and state integrated schools and kura in Aotearoa. Their Email Protection service, which is fully funded by the Ministry of Education, can help catch unsafe emails before they reach your inbox.

Email Protection is a bit like a net that catches bulk external emails, emails coming from suspicious sources, or those that indicate spam and/or malicious activity.

Here’s a snapshot of what that means – with numbers taken from the 2022/2023 financial year, across the N4L Managed Network:

• Total inbound emails to NZ schools: 820.9 million.
• Total of those emails intercepted and blocked: 499.4 million.
• Total delivered to NZ schools: 321.5 million.

That’s a huge number of potentially unsafe emails that didn’t reach school inboxes across Aotearoa New Zealand. The result? Fewer accidental clicks and data loss, as well as a safer digital environment in schools.

N4L is aware of one school north of Auckland where a user account had been phished and was sending out phishing emails from that account. Had the school had Email Protection, the original phishing email was more likely to have been blocked earlier, triggered an alert and a notification to the school, and led to detection of the issue earlier. The school concerned has subsequently onboarded with Email Protection and been happy with the service.

Email Protection is accessible to all eligible New Zealand schools and kura. Even better, there’s no complex set-up process – just get in touch with N4L, and they can help get it sorted.

Creating a safer digital environment in schools and kura is key.

Find out more

Contact N4L’s Customer Support team on support@n4l.co.nz or 0800 LEARNING (0800 532 764).

For more information about N4L’s Email Protection, go to n4l.co.nz/protect(external link).