The education sector in general has been progressing with its cybersecurity posture and maturity at varying rates.
Higher Education has been moving to online delivery methods over several years and many have dedicated cybersecurity teams within the broader IT group. Schools, on the other hand, were not as well positioned to support the multiple aspects of moving to large-volume online learning. Schools have now increased security obligations particularly when keeping student data and content safe.
Since COVID-19 struck, those responsible for IT in schools have been rushing to patch ‘all the things’, prepare for disaster recovery, business continuity, conduct third-party and vendor risk assessments, create cyber security incident response plans, write new policies and procedures, source equipment, ensure everyone has a VPN (Virtual Private Network) ready to go, is using strong passwords, MFA (Multi-factor Authentication) is being used wherever possible, and monitoring the increased internet traffic as everyone studies remotely – just to name a few.
But who is upskilling administrative and support staff, teachers, parents and students on all these new devices, applications and cybersecurity risks?
Unfortunately, it’s too late to help us during this current pandemic but cybersecurity should be embedded into the school curriculum. If we were to start with foundational aspects then build on it each year throughout school and higher education, we would be in a position of strength with an army of human firewalls ready with the knowledge to protect themselves and their future workplace from cyber threats.
If this utopia existed now, the risk level would be much lower from a cybersecurity awareness and safety point of view, as teachers and students embark on remote learning.
As it stands, cybersecurity awareness in K-12 is low leaving school systems open to digital attack with exploitable security vulnerabilities because users are now interacting with multiple, and mostly new, applications without the proper education and awareness to protect their privacy and deter attacks.
The risks are considerably higher in our current climate. In March, coronavirus-related phishing attacks went up 667% and every single country around the globe has now been hit with at least one phishing attack related to the pandemic. It’s more important than ever to start educating teachers, parents and students about the various ways cyber criminals will try to entrap you.
Here are some tips to help.
Take a position of ‘everyone knows nothing’ and provide relevant new school security awareness training across the board. School employees and students need the knowledge to make better security decisions online. Teachers will also require resources to share with their students and parents.
Email Red Flags
There is a misconception that school email is somehow protected from hacking, which is incorrect. Make sure everyone knows how to spot the red flags in email.
Zoom, Skype and other Video Platforms
Schools must have the right encryption, controls around access, who is in the video session so you can’t get “zoom boomed”, and secure sharing of records and, of course, making sure the right settings are on for privacy.
Ensure that your cloud services are hosted on a secure environment for privacy and data storage. Make sure the kids know how to use Google Classrooms.
For Parents and Caregivers
- Change the password on your home modem.
- Set up all the necessary parental controls and security protection on all your devices.
- Get a VPN (virtual private network) if the school hasn’t set one up yet.
- Spend some time with your kids and get them to show you the applications they are going to be using in their online learning.
If in doubt about the cyber risk to your school or how to protect it, seek professional advice – better safe than sorry!