School Districts Without 2FA on Staff Email Accounts - Why?
Over the last several months, I am constantly having to reach out to school districts all over the country because my users are being spammed with compromised emails originating from staff accounts from other districts that have been compromised.
The latest SPAM email that I just dealt with was even worse, the account that forwarded it was from School District X meanwhile the form that it was linking to in its email was from School District Y in completely different states.
When this occurs, I reach out to the school district that the compromised account originated from to let them know of it and nine times out of ten, I get zero response back from that district. I even reach out to multiple people listed on the school district website as I know from experience that districts often do not keep their district webpages updated.
Multi-factor authentication could prevent at least 99% of these issues from even occurring so if your school district doesn't use it, why not?
**EDIT**
For those that do not have MFA, do you all carry cyber insurance? As often times, it's a requirement for it.