Skip to main content
NC School Connectivity Initiative

Email and Web Browser Protection

Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.

Program Services & Resources

The following services and resources are provided by the NC K-12 Cybersecurity Program and provided to PSUs at no cost to help execute the actions defined in the NC K-12 CORE Safeguards:

Why is Email and Web Browsing Protection Important?

Web browsers and email clients are major targets for attackers because they directly interact with PSU students and staff, making it easier to trick them into revealing sensitive information or granting access. These tools are common channels for malicious code and social engineering. As enterprises shift to web-based or mobile email, they often lose built-in security features found in traditional email clients, such as encryption, strong authentication, and phishing detection.

What can you do?

Cybercriminals exploit web browsers through vulnerabilities in the browser itself or third-party plugins and extensions, some of which may be malicious. Keeping browsers and plugins updated, restricting installation of add-ons, and adjusting browser settings can help prevent malware installation. Enabling built-in phishing/malware filters, pop-up blockers, and DNS filtering services further strengthens browser security. Cloud-based protections such as Zscaler can add another layer by inspecting traffic before it reaches users, blocking access to malicious or high-risk sites, and enforcing safe browsing policies across the PSU.

Email is another common attack vector through phishing and Business Email Compromise (BEC). Alongside optional advanced email security services, PSUs already have powerful protections built into their existing platforms, such as Google Workspace and Microsoft 365. These platforms support features such as spam filtering, malware scanning, and impersonation defenses. Properly configuring SPF, DKIM, and DMARC records—and aligning them with Google Workspace and Microsoft 365 security settings—can address the vast majority of email security issues. The NC K-12 Cybersecurity Program supports this work through PSU-specific DNS Record Analysis Reports and best-practice guidance for platform configuration.

Restricting risky file types, coordinating changes with business units, and ensuring that email security settings do not disrupt critical workflows all help reduce risk. Continuous user training and phishing simulations remain critical so that staff and students can recognize and report suspicious messages. When combined—browser hardening, services like Zscaler, built-in email security protections, and user awareness—PSUs can significantly strengthen their overall email and web security posture.

Specific details and procedures are outlined in the K-12 Cybersecurity CORE Safeguards.

**NC K-12 Cybersecurity Community Mailing list subscription is required to access the CORE Safeguard materials**