With the Summer holidays coming to an end, students across the UK will soon be returning to the classroom. As preparations for the next academic year commence, now is the time for everyone do their homework and ensure a cyber-savvy approach to schooling sits front and centre for 2018 and beyond.
Hackers typically target teachers and parents around this time because they are often ill-equipped to deal with cyber thefts. At the same time, sensitive data held by schools, such as children’s medical records and academic achievements, are lucrative on the Dark Web. Malware and phishing are the most popular types of attacks, according to research commissioned by the educational insurance company, Ecclesiastical. In fact, twenty per cent of educational institutions have been targeted by these types of threats where universities, which are generally better prepared than schools.
Tips for staying top of the class
Education and awareness are the foundation for best cybersecurity practice and to help protect personal data. From parents to pupils, all users play a vital role in ensuring their computers are up to date with anti-virus software and that there is a general culture of online vigilance.
Here are some useful tips to keep you on top of the cybersecurity class.
- Install malware protection – Block malicious emails and prevent viruses and malware being downloaded from websites. Establish and maintain malware defences to detect and respond to known attack codes
- Patch management – It is important to regularly plug vulnerability gaps with the latest software to prevent malicious bugs and bots
- Implement a secure baseline build for all operating systems – This should include hardware (internal and external drives) and application software. However, unauthorised users with ‘normal’ privileges must be prevented from installing erroneous software. Any application that does not support the user should be removed or disabled
- Change computer configurations – Implement internet controls and email access privileges to limit exposure to spear phishing. It also reduces hackers’ abilities to gain widespread system access via a single vulnerability
- Set a robust password policy – Use a Password Manager to create complex passwords. Such passwords could potentially be stored in an encrypted database or generated on demand. This approach makes it difficult for both hackers and automated tools to break into your system
- Device controls – Conduct regular Internet of Things (IoT) device security audits. It is vital to test IoT products, such as toys, before purchase or use
- Don’t forget Bluetooth – It is possible to access IoT-enabled toys via an unprotected Bluetooth connection, enabling hackers to inject unwanted messages or remove data and images. Parents should read the manufacturer’s safety and privacy policy. Ideally, the access rights to the toy and its app can be restricted
- Avoid mobile misuse – Separate personal mobile phones from schoolwork. Mobile games and gadgets are good, but mobile apps are different from web applications and can be vulnerable to automated bots facilitating content scraping, as well as denial of service and API attacks
- Robust training and education – Teachers and parents should understand their role in keeping their school and homes secure, as well as report any unusual activity. Put plans in place for Security Incident Management to swiftly deal with an attack and reduce operational impact
Lessons learned
Young peoples’ lives are increasingly dominated by the digital world, which provides an enormous opportunity to advance education and enjoy digital entertainment. However, cybercriminals are ever-present and use sophisticated methods and tools to exploit vulnerabilities in our everyday applications and data defences.
In 2017, a cyber-attack on Edmodo, an educational social media platform, resulted in personal details belonging to millions of teachers, pupils, and parents being sold on the Dark Web.
Now is the time to get faster, smarter, and safer with cybersecurity and make learning a journey of discovery through safe practice and a culture of compliance. Doing nothing is no longer an option. It’s time to think more about prevention and put hackers in detention.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.