Between news reports of major security breaches and annoyances like increased spam/phishing attempts, cybersecurity incidents have consistently increased year-over-year, with 2025 on track to break new records in data breaches. Here are several actionable ideas to help strengthen your personal or organizational resilience against today's common threats.
Use Multi-Factor Authentication (MFA)
MFA requires multiple authentication methods, adding security layers to systems that require a login. With MFA, if someone gets hold of a password, they will also need to prove their identity through additional methods such as a text message or a specific authenticator app that provides a key-code for login. While MFA has been around for years, more recently we’ve seen most digital systems start requiring its use. Yes, it often adds a second step to accessing systems (argh) but typically doesn’t require re-authentication for each login on trusted devices. With most digital tools moving toward MFA, the transition is becoming easier for the average user. Most districts/organizations already use either Google or Microsoft products to manage staff accounts and logins, both offering MFA through their Single-Sign-On (SSO) options.
- Recommended: Consider switching website logins to use Google/MS (Entra) Single-Sign-On (SSO), both supported by Foxbright.
- Alternative: Use Foxbright's Multi-factor Authentication option for internal accounts. Contact Foxbright Support to get started.
In addition to the increased security provided by MFA, SSO offers other benefits:
- Easier control of password requirements / periodic resets / re-authentication / deactivation
- Single login for staff to maintain
- 1-click dashboard access when already logged into Google/MS
- SSO also active for protected areas / intranet pages
Enhance Security Infrastructure
Just like MFA adds an extra step for users, strengthening your security infrastructure adds protection behind the scenes without disrupting the user experience. Examples include advanced Distributed Denial of Service (DDoS) protection through Domain Name System (DNS) providers and enhanced email security that can scan for and flag suspicious language, senders, links or attachments to stop malicious emails before they reach their destination. While DDoS protection is more related to website stability, it is connected to the broader topic of cybersecurity, as even the most robust systems can be targeted. An attack can cause a bad experience for end users through outages, destabilize entire hosting environments, and draw on an organization's sometimes limited resources to mitigate. In extreme cases, malicious outfits can use DDoS attacks as a tactic to ransom digital assets.
Foxbright takes a multi-layered approach to protecting our hosting environment, but as attacks grow more frequent and sophisticated, the strongest defense comes when partners also add their own security layers—creating a kind of digital “herd immunity” that helps minimize disruptions and control costs.
Recommended: Review Current DNS DDoS Offerings or Use Cloudflare for Free Enhanced Security
While most Registrar/DNS providers offer products like 'Enhanced DNS' or other protections, the cost of these add-ons can add up quickly. Many large-scale organizations have made the transition to Cloudflare for its proven reliability, which has propelled it to be a top name in the DDoS and broader cybersecurity space. Based on our extensive research and personal use, Cloudflare is the only DNS provider offering comparable levels of protection for free. Through rotating proxy servers and backups, Cloudflare is able to react in real time to attacks while keeping websites or applications uninterrupted for public use.
- Cloudflare provides advanced DDoS protection for free, and offers additional low-cost security enhancements and services.
- The free protection options from Cloudflare surpass most high-cost alternatives from comparable DNS services.
- Cloudflare has partnered with the US Government to offer free website and email protections for certain K-12 Districts:
- Foxbright can assist our partners with their transition to Cloudflare services.
Any organization can utilize Cloudflare's free protection plans regardless of Project Cybersafe qualifications. Foxbright has no affiliation with Cloudflare nor are we paid to promote them - we, along with many of our partners, simply benefit from their services!
Alternatively, Foxbright now offers a DDoS protection add-on via Azure. Cost ranges from $50-$200/month depending on organization size. Email Foxbright Support to learn more.
Review Admin Access
Not every user needs access to everything. With fewer Web Administrators, there are fewer accounts that would give a hacker full access to the entire system. In the rare event of an account breach, the bad actor would only have the ability to make changes based on that user’s permissions. Even if a staff member is fully trusted as an administrator, if they don’t need full access then reducing their permission level can limit the damage.
Protect Staff Contact Information
Bots and scammers have long been collecting email addresses from around the web for their schemes or for sharing on the dark web. Whenever possible, it is best practice to hide staff emails from visitors, especially on the full staff directory, where it can be easy pickings to copy hundreds of email addresses at once. Once emails start circulating, it can open the door for scam or phishing attempts from other nefarious outfits.
Prevention Tools
- Foxbright’s staff directory default is to hide email addresses and route communications through a contact form where direct addresses aren’t available. While a bad actor could still contact staff through the form, it requires much more effort to contact all staff at once and they won’t have the direct address to save in their records.
- Contact forms can be hidden for non-admin staff if needed, or completely shut off during a wave of concerning activity.
- Common scam phrases/keywords can be added to contact forms to mark them as spam and alert staff to be mindful about specific verbiage. Sender IP addresses can be blocked from sending new messages.
- Add a CAPTCHA system to all forms to prevent bot spam and add more effort for scammers to send messages. Foxbright’s built-in CAPTCHA can mitigate bot activity, while Google reCAPTCHA is supported and is recommended for additional security.
- Customized verbiage can be added to subject lines or within contact form messages to remind staff to be mindful of incoming messages.
Train to Spot Scams/Phishing
Even on the tightest ships, it is inevitable for staff to receive scam emails. The best prevention for incidents is properly training staff to be cautious of suspicious emails and have a process in place to have technical staff verify if emails are legitimate. Reminding staff of the potential for scams in periodic staff communications may suffice to keep them mindful of the risks. One common scam targeting schools involves impersonating administrators to request money, gift cards, or other items of value. Reinforce policies reminding staff that administrators will never make such requests through the website directory, and that suspicious emails should always be verified before responding. Policy items could include:
- Never send personal identifiers or financial information.
- Never send sensitive information about other staff/students/parents through email, especially when the requestor is unverified.
- Do not click or open suspicious links or attachments.
- When in doubt, defer to technology and/or administrative staff for verification. Clients are welcome to contact Foxbright Support for general advice regarding suspicious emails.
Use Proprietary Tools and Keep Systems Updated
Most digital tools require periodic updates – many of which include various security updates. It is important to monitor for updates, especially for systems holding sensitive data. Foxbright is constantly monitoring cybersecurity spaces and often adds security-related updates during site upgrades. Additionally, we have multiple partners using tools from the Cybersecurity & Infrastructure Security Agency (CISA) for additional security support and we work closely with them to address any concerns. CISA’s Online Toolkit provides resources and information for educational organizations covering many topics discussed in this post and more.
- Be mindful of 3rd party tools or plugins not properly vetted or from a reputable developer, especially if integrated within a system containing sensitive data.
- All of Foxbright’s website tools are proprietary and built by our developers.
Local Backups
It is good practice to keep a copy of important documents separate from digital spaces in the event of an unanticipated hack or purge of data. Ideally, store important documents in an official storage location for the organization on a local network/drive. If the documents contain sensitive information, storage locations should be properly secured – it is not recommended to store sensitive data on individual unsecured staff devices.
While Foxbright takes cybersecurity seriously and has password-protected features, publicly available websites are generally not the best location to store sensitive information. It is good practice to periodically review old documents no longer needed on the website and remove them and/or move them to a local offline drive for safekeeping. Tidiness has other benefits too!
- Websites are not built like a repository – limiting file storage to only what’s needed will improve dashboard speeds as less is demanded from the database.
- Removing outdated files eliminates the need to ensure ADA compliance for those files and can reduce FOIA obligations for non-required documents.
- Foxbright has tools to easily download bulk files or entire folders as a zip folder. The system will provide a warning if deleting a file used on a webpage.
Talk with Colleagues
If you’ve been the target of suspicious activity, discuss it with colleagues or administration – if others have been targeted as well, then collecting data points can help technicians refine and focus security efforts. For technology administrators, subscribing to or monitoring EdTech forums or other security-focused discussion boards can help you stay informed of hacking/phishing trends to keep an eye on, or add protocols for.
Conclusion
Like anything, there’s way more to this topic than would fit in a post (or my expertise). Security practices are a multi-layered approach; hopefully some of these topics will help strengthen your organization’s protocol. Never hesitate to contact Foxbright Support with concerns about website security or suspicious communications!














