Login credentials are the source of a lot of messy situations. If they fall into the wrong hands, it’s almost unclear what could happen. Account takeover risks are among the least talked about cloud security issues for schools, but they are perhaps the most detrimental and the hardest to detect.
Before you start cleaning your district’s Google and/or Microsoft cloud domains of all their online risks and vulnerabilities, you need to know exactly what you’re dealing with. Let’s take a closer look at the reality of login activity in your cloud environment.
Account Login 101
According to one estimate, the average person uses 191 different services that require a password or other login credentials.
191 services! Now think of this in terms of your school district: for each student you have, they access multiple logins and multiple cloud services, all of which require a password. Simply put, the sheer volume of account login activity in your cloud environment is almost incomprehensible.
Here’s the problem: Most school districts lack the funding, staff, and time to dedicate the resources needed to monitor account activity, a weakness that makes them especially vulnerable to malicious hacks. In fact, according to EdWeek Research, only one in five school cybersecurity budgets is allocated to securing cloud applications.
Combined with the fact that student data is an incredibly lucrative target for cybercriminals, these reasons make school districts a hotbed of malicious account activity.
![[FREE] Google and Microsoft "Spring cleaning" Control List. Download yours today >>”/></span></span></p>
<h3>What is an account takeover?</h3>
<p>An account takeover is exactly what it sounds like – the act of forcefully taking control of someone else’s online account.</p>
<p>In other words, an account takeover occurs when a person, i.e. a cybercriminal, gains unauthorized access to one or more internal online accounts, thereby allowing them to use it. as he pleases. The same goes for your cloud apps, including Google Workspace, Microsoft Office, and Sharepoint.</p>
<p>Once an account has been compromised, it is unclear what actions a cybercriminal might take. They could upload malware to your school district’s system, launch a side phishing attack, or even grant OAuth access to malware-infected third-party apps.</p>
<p>Take the example of the Downingtown Area School District in Pennsylvania. When a student hacked into a school’s login portal, he gained access to student IDs, grade point averages, and other personal information. In this case, the student wanted nothing more than a competitive advantage in harmless peer play.</p>
<p>But more often than not, hackers target student data for nefarious purposes. With login credentials in hand, they get free access to all data and files that account is connected to.</p>
<p>Therefore, account takeovers open the door for malicious outsiders to exploit sensitive information and hold district data for ransom. Consider the many types of data currently stored in your cloud environment:</p>
<ul>
<li><strong>Personally identifiable information:</strong> Names, addresses, social security numbers, etc.</li>
<li><strong>Financial Information:</strong> Credit card numbers, bank account numbers, etc.</li>
<li><strong>Medical records:</strong> Allergens, diseases, medical history, etc.</li>
<li><strong>Academic records:</strong> Notes, class lists, schedules, etc.</li>
</ul>
<p>Any given account may have access to an application or cloud service where these types of information may be stored. In turn, malicious third parties could expose this data or exploit it for monetary gain – two risks your district simply cannot afford.</p>
<h3>Risks and vulnerabilities</h3>
<p>To thoroughly clean up your cloud environment, it’s essential to know where the damage is happening. Generally speaking, account takeovers can happen in different ways.</p>
<p>Here are some of the most common:</p>
<ul>
<li><strong>Brute force cracking:</strong> Some criminals will try different passwords to find out which one is correct, usually using automated bots to do their dirty work for them. Weak passwords – those of eight characters or less – are particularly easy to crack. This is why the FBI recommends longer passwords than more complex passwords.</li>
<li><strong>Phishing attacks:</strong> Other tactics involve tricking unsuspecting victims into revealing login credentials, such as password hints or personal information. For example, some hackers design fake login portals that exploit the usernames and passwords of users who believe them to be legitimate. Or, fake emails from seemingly trustworthy sources may ask for personal information. Both are scams designed to solicit account information.</li>
<li><strong>Third Party Errors:</strong> EdTech SaaS vendors and cloud service providers can accidentally leak information or compromise themselves, exposing user credentials that may be tied to your district.</li>
<li><strong>Data Breach:</strong> Hackers compromise cloud applications to access login credentials and other types of information. Since 2005, a startling 28.6 million records have been stolen from schools in a data breach, according to Comparitech.</li>
<li><strong>Data leak:</strong> On the other hand, human error is always a factor. If sensitive data is mistakenly leaked outside the district – for example through a wrong attachment in an external email – it could end up in the wrong hands. Some cybercriminals even buy lists of stolen or leaked credentials.</li>
</ul>
<p><span id=](https://no-cache.hubspot.com/cta/default/6834707/394bb21b-3bff-4ea5-9cf3-de88e4d4fda5.png)
The post Evaluate Your District’s Account Login Activity appeared first on ManagedMethods.
*** This is a syndicated blog from the ManagedMethods Security Bloggers Network written by Alexa Sander. Read the original post at: https://managedmethods.com/blog/account-takeover/
