With the pandemic causing districts to go online in March of 2020, to continue to reach out to their students, students started becoming more vulnerable to cyber actors. Cyber actors are a person, group, or entity that creates all or part of an incident with the aim to impact an individual’s or organization’s security. Districts have had to become more hyper-aware of the impact of the actors online presence and ensure their students', and the identity of the student's, safety. After returning back to the classrooms, online learning didn't go away. Many educators found ways to continue to use online resources to grow their lessons and the students' knowledge of the curriculum. Cyber actors started gaining more information about students, by hacking into districts firewalls. Students are the easier target, no one notices the terrible credit score of an 8-year-old. Their identity can continue to be used for years before ever being found out. Some data was even being held ransom in what is being called ransomware attacks.
News stories have gone out about doxing, which is the release of personal information, usually with malicious intent. These cyber actors will gradually learn pertinent information from the students by phishing for information. Phishing is a fraudulent attempt to obtain information by pretending to be someone the person can trust. In the most extreme cases, this has caused the student to commit suicide due to the release of private information. Doxing and phishing are only two methods cyber actors use to attack students online. School districts need to be aware of these in case cyber actors try to reach students through any school-assigned accounts. However, Domain Spoofing, registering web domains similar to legitimate websites in an attempt to trick individuals who mistype URLs or click on similar-looking URLs, and End of Life Software, out-of-date software, and equipment that no longer receives patches, security updates, technical support, or bug fixes, making the user vulnerable to attacks, are two that your district can prevent on campus by using technology that is up to date, and website restrictions.
If your district uses video conferencing, we suggest you set up some best practice rules as well.
- Just like their computers should be updated, so should their video app. Make sure staff and students are using the most recent version.
- Require passwords for session access and students to avoid sharing passwords or meeting codes.
- Have a waiting room to vet who comes into the meetings and prevent participants from entering rooms prior to host.
- Establish policies to require participants to sign in using true names rather than aliases.
- Ensure only the host controls screen sharing privileges.
- Implement a policy to prevent the host from exiting prior to the departure of all participants.
CISA.org has a prep list to help prevent cyber attacks. Here are the ones that really stood out to us.
- Patch operating systems, software, and firmware as soon as manufacturers release updates.
- Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.
- Use multi-factor authentication where possible.
- Set antivirus and anti-malware solutions to automatically update and conduct regular scans.
- Configure network firewalls to block unauthorized IP addresses and disable port forwarding.
What else can you do?
Continue to teach cybersecurity to the students in your district. Remind them not to give personal information out to those seeking it online. Bringing technology into school can do great things for them. Social media is a big part of their lives that is not fading away anytime soon. However, having so much technology at their fingertips can be dangerous if they aren't properly taught how to protect themselves and their identity. Students need to be taught how to stay safe online now more than ever.
Don't want to read the entire article? Here is our video.