Microsoft Exchange On-Premises Products Vulnerabilities
Excerpt from the FBI-CISA Joint Advisory: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of on-premises Microsoft Exchange Servers (Exchange Online is not affected). Successful exploitation of the vulnerabilities could allow adversaries to compromise networks, steal information, encrypt data for ransom, or execute a destructive attack.
CISA encourages affected organizations to read the Federal Bureau of Investigation (FBI)-CISA Joint advisory for more information and the Microsoft Security Response Center and CISA’s Remediating Microsoft Exchange Vulnerabilities for mitigation and patching instructions.
- DHS Emergency Directive 21-02
- FBI-CISA Joint Advisory
- Microsoft Security Response Center
- Remediating Microsoft Exchange Vulnerabilities
Additional Resources
- National Cyber Awareness System (NCAS): Includes listservs for alerts, notifications, and weekly bulletins from the Cybersecurity and Infrastructure Security Agency (CISA) NCAS (formerly US-CERT). Weekly bulletins include a comprehensive list of new cyber vulnerabilities along with patch information when available.
- For example, the Alert AA21-062A was sent out last week regarding the Microsoft Exchange Server Vulnerability and the following were sent out today:
Cybersecurity and Cyber Safety Resources for Schools
- Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data: This public service announcement from the Federal Bureau of Investigation (FBI) presents information and numerous additional cybersecurity and cyber safety resources for schools as they address cybersecurity.
- Cybersecurity Considerations for K-12 Schools and School Districts: ED’s Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center provides this fact sheet with information on threats facing school and school district networks and systems, preparing for threats, and cybersecurity’s relation to EOP development and planning.
- Cyber Safety Considerations for K-12 Schools and School Districts: ED’s REMS TA Center provides this fact sheet with information on online threats to students, preparing for online threats to students, and cyber safety’s relation to EOP development and planning. (November 5, 2017).
- Keeping Students Safe Online During School at Home (June 8 2021): An informational piece disseminated June 8, 2020, describing the threat and the actions school communities (including students, staff, and families) can take to help continually protect against, prevent, and mitigate possible incidents, and be ready to respond to and recover from them, alongside resources. The TA piece includes resources from DHS and CISA. Following are additional informational pieces shared:
- Digital Learning Guides: ED’s Office of Educational Technology (OET) has a series of guides supporting school leaders, teachers, and families.