Cybersecurity. SCAMs. Phishing… your next ‘COVID infection’?
As if a return to work in a COVID environment wasn’t hard enough for teachers and support staff through remote learning and close contacts, cybercriminals have turned their attention to K-12 schools and their staff to target any weaknesses.
Schools also suffer through increased costs in Information Technology (IT) solutions to combat these attacks, to fix any breaches or in a worst case scenario, pay to release ransomware from their computer server.
These weaknesses are based around hacking but they are also based on human weakness – the empathy to want to help and respond or to trust that the sender really is who they state they are.
Any breaches on your school device or to student information may bring action against you personally re your employment.
Targeting your inability to recognise email risk is the key
The pandemic changed the way the world worked and learned. Teachers were required to offer online teaching through ZOOM meetings and accept assignments through various methods of electronic transfer.
Cybercriminals picked up on the communication change in education and used phishing attacks designed to look like students handing in work. The emails had malicious attachments (malware) with macros—a macro is an automated input sequence that imitates keystrokes or mouse actions—that would download ransomware and encrypt teacher files, leaving them with the difficult choices of pay the ransom, restore from backup, or permanently lose their critical files.
In just one month in 2020, Microsoft’s Global Threat Activity Tracker detected more than 8 million malware incidents — with education being the most affected industry.
As a result of the recent rush to adopt e-learning, the field has been exposed to an increase in cyberattacks; cybercriminals are finding opportunities to defraud schools, steal sensitive information or deploy ransomware schemes to extort money.
What do common cyber-attacks look like?
SCAMs
Online scams are sophisticated messages, often using professional looking brands and logos to look like they come from a business you know. At first sight this can make it difficult for you to know what is real and what is fake.
A scam message can be sent by email, SMS, dating sites, social networking sites, instant messaging or even through videophone communications such as Skype or FaceTime. You may be offered private information to convince you that they know you and may ask you for money upfront to help with an emergency.
Read more about SCAMs here: https://www.cyber.gov.au/acsc/view-all-content/threats/scams
Phishing scams
Phishing scams can be incredibly easy to spread from one member of staff to another until all the teachers and support staff have been hit. Phishing scams typically come through email and are designed to look legitimate in order to obtain sensitive data, such as usernames and passwords. They may appear to come from another member of staff to look trustworthy, but in reality, this person has already been hacked. This includes connections made through common software such as Google Docs.
Read more about Phishing here: https://www.cyber.gov.au/learn/threats/phishing
What can education staff do to protect themselves from cyber attack?
Berkeley University suggest 5 ways teachers can protect themselves:
- Encrypt Your Data: Hackers today can obtain classroom data by intercepting it while actively in transit. By protecting your data using encryption, you can prevent cyber attackers from stealing the data that you send and receive. Your school should have data encryption on any transfer from your work device to its extranet/intranet/server. Do not use public Wi-Fi for data transfer – only ever use school-secured connections.
- Comply with Your Institution’s Cyber Protocols: It is very likely your school already has cybersecurity measures in place to protect users. It is important to follow these provisions and contact your IT department immediately if an issue arises. This is really important – you must follow your schools directives in order to avoid future matters relating to your conduct.
- Safeguard Your Devices From Physical Attacks: Always log out of your computer when you step away. To keep passwords safe, try to avoid writing them down or entering your credentials within view of someone else.
- Back Up Your Data: If your work or institution requires the storage of student data, it is important to back it up to prevent attackers from targeting this private data in Ransomware-style attacks where you may be locked out until a ransom is paid.
- Practice Good Password Management: It’s easy to take shortcuts when it comes to passwords. Don’t. Use strong passwords and password management.
Students need to understand this risk as well
Since teachers communicate often with students online, educating them on the dangers of malware and phishing empower them to identify these messages. This should be a school responsibility in their cyber security and IT procedures. Be sure to explain this to your students.
The School must be on the front foot to protect everyone
This digital transformation of the education sector presents challenges in securing communications and protecting students from falling victim to online attacks. Universities and Schools need to be able to quickly and easily protect their students and staff from online threats.
If you are concerned about cyber-security at your school, talk to an IEU Organiser about what to do next – contact our office on 8410 0122 or email enquiries@ieusa.org.au
Sources:
https://www.cyber.gov.au/acsc/view-all-content/threats/scams
https://www.cyber.gov.au/learn/threats/phishing
https://www.secureworld.io/industry-news/bec-attacks-target-teachers
https://www.titanhq.com/blog/latest-phishing-attack-targets-teachers/
https://blog.tcea.org/four-cyber-security-tips-teachers/
