Cybersecurity

Cyberattacks on school districts are not only a growing problem for school operations, they also pose a serious threat to the security of sensitive student and teacher data. Combatting cyberattacks is challenging and costly for school districts, potentially harmful to students and teachers in cases of data losses and can cause a serious breach of trust between schools and families.  FCPS continues to strive towards a comprehensive cybersecurity plan.

About

FCPS Cybersecurity

As reported by K12 Cybersecurity, there were 408 publicly disclosed K-12 cyber incidents in 2020, an increase of 18 percent over 2019. Compare that to 122 publicized cybersecurity incidents of 2018, and you start to see how these attacks have dramatically increased over the last couple of years. This increase is partially attributed to the pandemic and the switch to remote learning, as incidents almost tripled in the latter half of 2020. 

Cyberattacks on school districts are not only a growing problem for school operations, they also pose a serious threat to the security of sensitive student and teacher data. Combatting cyberattacks is challenging and costly for school districts, potentially harmful to students and teachers in cases of data losses and can cause a serious breach of trust between schools and families. 

What is FCPS Doing?

 

Taking Some Simple Steps

Cybersecurity is everyone’s responsibility. There steps that everyone can take to reduce the risk of threats. 

Microsoft Multi-Factor Authentication (MFA)

Microsoft believes that enabling MFA will eliminate 99.9% of the security issues that can occur against Microsoft accounts.

What Happens Once MFA is Turned On:

  • Once MFA is activated, personally owned devices that attempt to connect to Microsoft hosted fcps1.org services (such as online email) will be prompted to have an additional security check.
  • FCPS owned Windows computers are trusted by Microsoft and count as an MFA device, which means using a school issued Windows laptop and signing in through a compatible browser such as Chrome or Edge, will not have an additional prompt for MFA.
  • Accessing Microsoft fcps1.org accounts using a personal computer will prompt for security steps to be followed and will be required to go through those steps once every 90 days (four times a year).  Situations that would require this to happen more frequently would be actions such as clearing out browser cookies, using a different browser on the same device, or using private incognito mode in a browser.

MFA Authentication Methods (only one is required):

  • Call to Phone – When signing into your fcps1.org account, an automated phone call from Microsoft will be sent to whichever phone number you have provided the system at setup.  The call will provide you with a code to use for authentication.
  • Text to Phone – When signing in,  your phone will receive a code to type in with your login.  This requires Wi-Fi or cell service to be available.
  • Notification through Mobile App (Microsoft Authenticator app – available for iPhones and Android) – The Microsoft Authenticator app can be downloaded to your phone and configured to just ask, on your phone, if you are attempting to sign into your fcps1.org account, and if so, you answer yes.  This method requires your phone to have internet connectivity via Wi-Fi or cell service. 
Google 2-Step Verification
  1. After logging into your Google Workspace account (fcps1schools.net), click on the application icon () in the top right-hand corner of your browser. Click on the Account icon.
  2. In the navigation panel on the left, select Security.
  3. Under “Signing in to Google“, select 2-Step Verification, then Get Started
    1. You will likely be asked to re-enter your Google Workspace password.
  4. Follow the on-screen prompts to complete the process. You have the options to
    1. Set up Google prompts (Android or iPhone required)
    2. Receive a text message or phone call.
    3. Use an authenticator app on your phone (e.g. Google Authenticator for Android or iPhone)
    4. Use a physical security key (e.g. YubiKey)
    5. Use printed backup codes

More information can be provided from the Google Support page about 2-Step Verification.

Once you have set up your first 2FA authentication method, you will be able to set up additional authentication options on your account. These include:

  • The three initial methods (text message/phone call passcodes, Google Prompts, security key)
  • Backup codes
  • Authenticator app

Google recommends setting up at least one additional authentication method if you can, in case your primary method is unavailable.

Additional information related to the Google Authenticator app and backup codes can be found at the University of York’s support page. These options can be used as alternative methods over texting.