4 Essential Security Features for Your Business Office 4 Essential Security Features for Your Business Office

4 Essential Security Features for Your Business Office

by Mike Bianco
Mike Bianco Mike Bianco Edtech Thought Leader
Read time:

Be proactive about protecting your business office from Business Email Compromise attacks.


Multi-factor authentication

It’s a good idea to implement multi-factor authentication everywhere, but most of all the business office because of the sensitive nature of financial transactions.

MFA requires two or more pieces of evidence for a user to log in. At the very least, MFA will slow people down. This is a great foil to bad actors everywhere who use false urgency to trick users into acting without thinking.

According to a recent report by Clever, a majority of district leaders surveyed (55%) have adopted MFA or plan to do so within the next two years. However, only 16% have fully implemented MFA across all applications and users.


Single sign-on

Package MFA and single sign-on (SSO) together to combat MFA fatigue. This is the way we in the biz refer to the groans and sighs of users who consider procuring a second form of user evidence to be a bit of a chore.

SSO providers use one set of credentials to log into multiple interconnected but distinct platforms. It’s a good way to feel confident in security without requiring users to remember many different passwords. At the same time, SSO programs use Security Assertion Markup Language (SAML) to keep credentials safe and entirely separate from each system they log into. Secure authentication is the sole focus for SSO providers.

Using SSO emphasizes the importance of an uncrackable passphrase.


Restrict to known IP addresses

An IP address identifies which computer is using Internet Protocol (IP) to communicate over your network. Did you know you can limit access by IP address?

If your business office uses security groups to assign different roles to users, it’s possible to restrict access to those users only when they’re within a certain IP address range. This way when the user is outside the IP address range, the system would not permit them to access certain areas of the software.


Staff training

A stellar staff training program is ongoing with regular check-ins, refreshers, and drills. Business email compromise targets individuals with access to large amounts of valuable information, data, and financial connections. This group would benefit from spear phishing and social engineering training as well: bad actors will try name-dropping the superintendent, the mayor, and even law enforcement if they think it might get them access to your valuable data!

It's a good idea to train and test every staff member for cyber security awareness, but especially the folks in the business office handling finances.


The bottom line: An ounce of prevention

A proactive approach to data security pays for itself if a cybersecurity incident happens—and they do happen, all the time, to good people. Protect yourself and your data with settings that already exist in your edtech. You’ll be glad you did!

If you would like to know more about security awareness training and solutions, reach out today.


Mike Bianco Mike Bianco Edtech Thought Leader
Share this story:

Large Districts Large Districts

Recent Articles

3 Ways to Play the Long Game for Staff Retention
Use these tactics early in the school year to build educator stamina and keep morale high all year long. Casey Hernandez
How Are You Attracting and Retaining Teachers of Color?
Automating your applicant tracking eases the effects of covert biases and provides an attractive applicant experience. Erin Werra
4 Critical Components of K12 Data Solutions
Look for these four non-negotiables when purchasing your next school data solution. Erin Werra

Share Facebook
LinkedIn Email
Humanity 🤝 Technology
Edtech insight delivered directly to you.