Scam, spam, phish, or sales pitch – there are plenty of emails that you don’t want in your school or kura inbox. But how do you stop the flow of unwanted junk, and find better protection?
Because we use email every day, and we often use passwords to access it, email can feel safe and secure. But, unfortunately, that isn’t always quite true.
Recent 1 report that phishing and credential harvesting are the most common types of scam New Zealanders fall for by a long shot, and they almost always come through email.
It’s important to remember that opening malicious emails, unintentionally sharing personal data, or accidentally clicking on unsafe links could put your network at risk and expose sensitive data belonging to ākonga or kaiako.
While your standard cybersecurity system and spam filter are helpful, a specialist email protection service, such as Network for Learning’s (N4L) Email Protection, can filter out more advanced threats and offer more insight into attacks. Of course, it’s also smart to be aware of email danger signs and know how to avoid falling for a fraudulent message.
Email protection starts with people
According to a 2, nearly nine out of 10 cybersecurity breaches involve some type of human error. This might be clicking on a malicious link in an email or handing over data because a scam message looks legitimate.
That’s why your school’s email security plan needs to include ākonga, kaiako and anyone else using email on the network. It doesn’t need to be complicated – for example, education and reminders to users about the signs of an unsafe email, as well as letting them know what to do if they spot one.
Here are some tips on how to spot the signs of a suspicious email:
-
No name – the email doesn’t address you by name, or it uses your email address in the name field.
-
Hidden sender – the purported name of the sender (for example, Amazon) is inconsistent with the email address. Check the email address is consistent with the sender’s name by hovering over the ‘from’ field in your inbox – if you don’t know the email address, don’t trust it or open it.
-
Incorrect language – the email uses bad grammar or spelling, odd phrasings, or unusual word choices.
-
Personal requests – the email asks for personal information, money or bank details, even if it seems to come from someone you know. Double-check any requests over the phone or in person before you reply.
Strange attachments – email attachments ending with extensions like .exe, .bat, .scr or .com indicate that the file is designed to actively run a program on your computer.
Hidden links – links within the email being masked to hide their location – check this by hovering over the link and reading the URL before you click.
A team effort with layers
Keeping schools and kura safer online is a team effort and we all have a role to play. Schools should stay on top of their own cybersecurity, engage in continuous education for kaiako and ākonga, and raise awareness of good digital citizenship.
You can increase your cybersecurity resilience by putting multiple layers of protection between your school and email scammers, so you’re more likely to spot those sneaky attacks if they do reach your inbox.
Standard cybersecurity systems and spam filters can help protect schools and kura with email threats. In addition, an email security service, such as Network for Learning’s (N4L) Email Protection, can extend this protection to help you stay safer.
N4L provides internet and cybersecurity products and services to state and state-integrated schools and kura in Aotearoa. Their Email Protection service, which is fully funded for eligible schools by the Ministry of Education, can help catch unsafe emails before they reach your inbox. The service works with common email providers, including Gmail and Microsoft, adding an advanced layer of protection on top of the standard spam filter.
Proofpoint, a leading cybersecurity organisation, provides N4L’s Email Protection platform. It’s fast-moving and efficient, identifying and blocking new threats as soon as they pop up. Support beyond the system is also provided by N4L’s security team, who proactively monitor incoming emails and are able to provide a faster, more efficient response should an email-related incident occur.
How it works
Email Protection is a bit like a net that catches bulk external emails coming from suspicious sources, or those that indicate spam and/or malicious activity.
Here’s a snapshot of what that means – with numbers taken from the 2022/2023 financial year across the N4L Managed Network:
-
Total inbound emails to NZ schools: 820.9 million.
-
Total of those emails intercepted and blocked: 499.4 million.
-
Total delivered to NZ schools: 321.5 million.
That’s a huge number, more than 60 per cent, of potentially unsafe emails that didn’t reach school inboxes across Aotearoa New Zealand. The result? Fewer accidental clicks and data loss, as well as a safer digital environment in schools.
N4L is aware of one school north of Auckland where a user account had been phished and was sending out phishing emails from that account. If the school had Email Protection, the original phishing email was more likely to have been blocked earlier, would have triggered an alert and a notification to the school, and led to detection of the issue earlier. The school has subsequently signed up to Email Protection and is benefitting from the service.
How can your school get Email Protection?
Email Protection is funded by the Ministry of Education, making it accessible to all eligible New Zealand schools and kura. Even better, there’s no complex set-up process – just get in touch with N4L, and they can help get it sorted. For more information about N4L’s Email Protection, go to
Unsure if your school is already using Email Protection? Contact N4L’s Customer Support team on support@n4l.co.nz or 0800 LEARNING (0800 532 764).
References
1 CERT NZ – Quarter Two Cyber Security Insights 2023.
2 CISO Mag: “Psychology of Human Error” Could Help Businesses Prevent Security Breaches, 2020.