Introduction
It’s not just the responsibility of IT professionals to be vigilant when it comes to cybersecurity. In order to ensure the safety of everyone in the school system it’s imperative that teachers, students and parents work together to encourage safe cyber security practices both at home and on campus.
You may think the education sector is last on the list of priorities for cybercriminals, but in reality schools and universities are data-rich goldmines. Think of all the personal information (credit cards, full names and addresses, academic research) schools have onsite. Now add on the fact that the education sector ranked least cyber secure among 17 industries, and you have a recipe for disaster.
The highest vulnerabilities were present in application security, keeping software up to date, and a lack of cybersecurity awareness amongst both staff and students, leading to successful phishing attempts.
What is Cyber Security?
By definition, cyber security is the practice of protecting and defending computers, networks, programs and data from malicious attacks.
Cyber security can (and should) come in many forms. Most people presume that implementing anti-virus software is enough to keep malware and viruses out of their systems and networks. Alas, this is not the case. Cyber security is an ever-evolving issue that must be tackled and reviewed on a regular basis. Furthermore, a large number of data breaches and cyberattacks occur as the result of human error. That’s why at eStorm we believe schools and teachers must take on a comprehensive approach in order to keep all aspects of their cybersecurity current and impenetrable.
Successful cybersecurity approaches have multiple layers across networks, devices, platforms and people. It’s imperative that these components cooperate in order to create an effective defence against cyberattacks. For example, you can have the most expensive anti-virus software in the world, but that won’t do any good if staff, students and parents are not able to quickly pick up on email or phone scams. While some layers of protection are certainly better than none, it is just as important to encourage cybersecurity awareness as it is to apply your focus on network and application security methods.
All in all, there is no ‘one-size-fits-all’ approach to cybersecurity, nor is there a blanket approach that you can quickly implement to ensure your school and student data is protected. As mentioned, cybersecurity must constantly be advancing as hackers come up with new ways to attack digitally, therefore staying on top of your cybersecurity procedures will guarantee protection against corruption and the privacy of your school’s data.
How do Cyberattacks on Schools Occur?
There are a multitude of ways that cybercriminals can infiltrate school systems, with the most common being:
Phishing:
Phishing is the practice of sending fake communications (most commonly emails) that seemingly come from reputable sources with the intention of tricking teachers or students into supplying private or financial information or installing malware. Using this information, cybercriminals can then gain access to student/teacher portals to either exfiltrate personal and financial data or upload viruses/malware.
Ransomware:
A ransomware attack occurs when a school’s system is infiltrated by a virus, bringing operations to a halt. Cybercriminals will hold the system hostage until the school agrees to pay a certain amount of money. The data held can include lesson plans, school portals, financial information, and personal employee/student records. Given the sensitive nature of information pertaining to children and minors, this should be avoided at all costs.
Options are limited once a school’s system is held for ransom, especially if the school does not have multiple backups in place, which means oftentimes schools have no choice but to pay up.
CYBER SECURITY TIPS FOR TEACHERS
1. Back Up Your Data:
Ensuring you are consistently backing up your data (including cloud or external back ups) means you will not be locked out if your school is the victim of a ransomware attack. Visit our best practices for data back up blog post for more info!
2. Password Management:
Maintain unique passwords for your accounts. Re-using passwords means that in the event of your information being obtained during a data breach hackers may be able to access other linked email, social media and bank accounts.
3. Follow Your School’s Cybersecurity Policies:
It’s more than likely your school already has some cybersecurity policies in place (such as not accessing schoolwork/portal via public wifi or letting other people use your work devices). These policies are in place for a reason, and following them provides better protection for your school and your students.
More resources: https://security.berkeley.edu/education-awareness/back-school-cybersecurity-tips
CYBER SECURITY TIPS FOR STUDENTS
1. Avoid Sharing Personal Information:
Always be mindful when sharing personal information online (such as your school name, email and home address, and phone number). This protects your identity from online predators and scammers.
2. Watch What You Click:
Avoid following links to unknown sites and downloading software or apps from untrusted sources. When receiving emails, always check the email address is from a trustworthy source before opening attachments or clicking on links to avoid phishing attempts and virus downloads.
3. Keep Software Up-To-Date:
Keep on top of software, app and browser updates to ensure they have the maximum protection against hackers and viruses.
4. Virus Protection:
Ensure your devices (phones, tablets, computers, laptops, etc.) have some level of virus protection to protect against phishing and viruses, and run a virus scan weekly.
More resources: https://www.cisa.gov/publication/stopthinkconnect-parent-and-educator-resources
CYBER SECURITY TIPS FOR PARENTS
1. Monitor Internet Usage:
Protect your children by implementing parental controls on devices and monitoring their online activity.
2. Communication:
Teach your children the importance of privacy and password protection. Discuss what information is appropriate to divulge to strangers and how they should conduct themselves on social media, and encourage them to create strong passwords.
3. Use Secure WiFi:
Ensure your wifi includes encryption and has a strong password to restrict access to others. Only share your password with people you trust, and set up parental controls to restrict access to inappropriate or dangerous sites and downloads.
More resources: https://staysafeonline.org/stay-safe-online/managing-your-privacy/tips-parents-raising-privacy-savvy-kids/
Are you worried your school’s cybersecurity policies and systems aren’t as strong as they could be? Check out our Cyber Security page for more info on how eStorm can help keep your school and your students secure from cyber threats.
