Securing the Digital World

Is Cybersecurity Training on your Back-to-School List?

Sep 08, 2020 | by Angel Grant, CISSP |
Father helps son with assignment as teacher conducts class virtually

For parents and guardians, this year’s back-to-school shopping and planning process was very different. One item that was not on the list sent from my kids’ school: cybersecurity awareness. 

From K-12 to higher education, many U.S. schools and universities will offer a mix of virtual and in-person learning this academic year. It’s an experience many teachers, parents and students are not used to. Thus, virtual learning will lead to an increase in cybersecurity risks for these communities. It’s why I think the back-to-school shopping list needs to be expanded beyond pens, spiral notebooks and highlighters. We must include education about cybersecurity best practices!

For school administrators and parents, cybersecurity hygiene is not usually top-of-mind. It may come up after an incident occurs, but it’s not part of daily vernacular. However, with the immediate shift to online education this academic year, now is a fantastic opportunity to proactively talk about cyber awareness. 

When the pandemic first hit and schools closed, RSA was one of many companies that offered advice on building cyber resiliency at home. Since then, as more of our work, play and learning shifted online long-term, there’s a surge in cybercriminals targeting schools and students with things like phishing and ransomware attacks. As a result, child identity theft is on the rise as school records – treasure troves of personal information – are compromised. 

Many of the attacks start by targeting the school’s administration with a phishing email as critical information is easily found in the school directory. Then, criminals will target families with communications that pretend to be from the school.

Cyber Disruptions are Becoming More Frequent

Separately, we’re also seeing how vulnerable some of the virtual learning platforms are to manipulation. The Miami-Dade Country Public Schools were interrupted for three days by a series of DDoS attacks initiated by a 16-year old student in the community.

In Oklahoma, the start of the school year was delayed because of a ransomware attack. These examples demonstrate the many ways that virtual learning can be disrupted by cybersecurity risk.

Developing Your Cybersecurity Checklist

If virtual learning is the new normal, cybersecurity education must be a part of the curriculum. It must become second nature for students, teachers and parents.

To address this, schools could offer mandatory cybersecurity training for staff and students, and offer a simple back-to-school checklist of things to prepare.

As for parents who are trying to navigate this new normal, start by doing the basics:

  • Don’t use the same device(s) for work, personal use and school.
  • Educate students’ (no matter their age) about the importance of not sharing or reusing passwords.
  • Understand the school’s security policies, and how they’re safeguarding students’ information.
  • Don’t share your logins! Schools should not ask you to send them this information via email.
  • Talk with your students about what behavior or online activity is appropriate to do while using school devices.
  • Only download school-approved apps to minimize risk.
  • Configure privacy settings on all online accounts to avoid oversharing information and location data.
  • Change default settings and password protect your home WiFi network.
  • Be mindful of fake emails or calls from people pretending to be from the school and asking for private information.
  • Understand your students’ digital footprint – what social media platforms, apps, gaming, etc. are they using regularly.
  • Monitor your students’ identity to ensure it was not compromised and consider freezing their credit.

Remember, this crisis will pass, but online is forever. That’s why it’s more important than ever to educate your students about the dangers of sharing sensitive information online. Anything they share online is permanently accessible and could easily be leveraged against them, or even your family. This includes: social media posts, online surveys, discussions on gaming consoles, texts, emails, etc.

There are more resources and tips available for you and your family from places like the National Cybersecurity Alliance and Better Business Bureau.