As we gear up for a return to school, aligned with the latest COVID-19 guidance to keep students, their parents and teachers healthy, it’s also critical to remember to practice basic cybersecurity hygiene to stay safe online.
Schools tend to run older equipment and software, meaning they can be more susceptible to cyber-attacks since legacy systems are more difficult to update. Compounding this problem, many students, parents and teachers are not following cybersecurity best practices with their devices. This creates the potential for hackers to wreak havoc on educational institutions.
New data from Palo Alto Networks revealed that the percentage of traffic from phishing URLs (which direct users to fake websites to steal personal information) targeting the education sector globally had increased 47% in June and 27% in July. These figures show that hackers are ramping up their attacks ahead of back-to-school season.
Touching on best practices for cybersecurity hygiene to stay safe online, here are my top three tips for a safe return to school.
Use Different Passwords for Different Accounts and Devices
This is a security best practice that everyone struggles with. A 2020 report by SecureAuth revealed that 53% of people admit they reuse the same password for multiple accounts, making it easy for hackers to hijack accounts and steal personal information.
This is a common problem at schools. For example, I’ve seen instances where teachers share passwords for streaming services in the classroom. Hackers can exploit this type of password sharing to steal credentials and potentially compromise accounts for other online services if the same email and password are used.
Use a strong username and password for every account and device, then use a password manager to keep track of everything. From there, use a strong username and password for the password manager itself and make sure to enable two-factor authentication (2FA). 2FA strengthens security by requiring two methods to verify your identity, such as something you know (for example, a password) and something you have (for example, a device). 2FA secures your logins from hackers who exploit weak or stolen credentials. With 2FA enabled, the password manager has an added layer of security for the personal information it holds.
Get Involved: Make Sure Your School is Prepared
It’s important to be aware of whether your school is protecting your child’s privacy and taking steps to prevent hackers from disrupting their education.
"Ransomware, in particular, has become a global crisis, with education a heavily targeted sector"
Earlier this summer, the National Cyber Security Centre (NCSC) issued an alert in response to the increase in ransomware attacks on the UK education sector, including schools, colleges and universities. The campaign emphasizes the need for organizations in the sector to protect their networks and follow government guidance on ‘Mitigating malware and ransomware.’
Ransomware, in particular, has become a global crisis, with education a heavily targeted sector. Students’ personal information is especially valuable for hackers because children and their parents are less likely to notice that someone is using their identity to commit fraud, especially if they don’t have a bank account in the child’s name to alert them.
Ask your school what they’re doing to protect against cyber-threats. Are they investing in cybersecurity solutions to protect their infrastructure and your child’s information? Are they raising awareness on security issues with training for students and teachers? The more you can learn about your school’s cybersecurity preparedness, the better.
Recognize that Your Children Are Tech Savvy, But Not Cyber Savvy
Today’s children are growing up in the digital age of screens and social media, and it can be difficult as a parent to keep pace with the latest technologies and platforms. According to 2020 Ofcom research, four in 10 parents of 5–15s found it hard to control their child’s screen time.
Familiarize yourself with your children’s devices and learning platforms, particularly with how to configure parental controls and privacy settings. Children know the workarounds, so you’ll need to be vigilant about the content they have access to.
Make sure that you’re practicing basic cybersecurity hygiene with your children and their devices, including enabling 2FA, knowing how to spot a phishing scam, installing the latest software patches, covering up webcams when they’re not in use, avoiding the use of public Wi-Fi networks and, as mentioned previously, using strong passwords.
Children are taught basic safety tips like not talking to strangers and fastening their seat belts in the car. It’s also critical to teach them basic online safety tips to protect their digital way of life — at home and in the classroom.