A new school year brings hope and excitement for students and educators, and maybe somewhat of a relief to parents. And this fresh start is the perfect time to reset your own personal cybersecurity awareness to set you up for success.
Everyone - No Matter Your Age - Is Vulnerable to Cyberattacks
In the classroom, paper and pens are now replaced with Chromebooks and iPads. Teachers communicate with parents and students via apps and email. As the world becomes increasingly digitized, students and parents need to have their guard up when it comes to protecting against cyberattacks.
Unfortunately, even the youngest among us aren’t immune to cyberattacks. Case in point: the recent Neopets breach news. The virtual pet management site used mostly by children recently experienced a breach impacting 69 million users, exposing usernames, passwords, dates of birth, and email addresses, among other pieces of personally identifiable information (PII).
This type of news opens up risk for both the individual and the enterprise, especially for employees who work remotely, or use unmanaged or personal devices with corporate accounts that may have kids apps/games on them as well. For the enterprise, these kinds of attacks could result in malware infections that lead to ransomware attacks. With kids crafting their digital identity earlier than ever now by creating more online accounts, it opens a breeding ground for fraudsters to create synthetic identities using breached children’s data.
Protecting the Education Sector from Cyberattacks
With the push for remote learning during the pandemic, many schools weren’t prepared for the vulnerabilities that accompanied an increased attack surface. The education sector is a prime target for cyberattacks, with 56% of lower education organizations and 64% of higher education organizations getting hit with ransomware in the last year. SpyCloud found over 180 million breach records from .edu domains in our recaptured data over the last 5 years.
According to the most recent State of EdTech Leadership report, cybersecurity and the security of student data ranked as the top priorities for school district IT leaders, yet only 54 percent of K–12 IT leaders surveyed have high confidence in their ability to handle a cyberthreat. In addition, budget constraints and lack of resources remain challenges for district IT leaders to effectively and confidently protect against cyberattacks.
One way IT teams in the education sector can enhance threat protection is implementing strong password policies to avoid the risk of account takeover (ATO). It also helps to evangelize cybersecurity education and awareness for everyone so students and staff alike take extra care when using district assets and accounts.
For example, the University of Oklahoma recognizes the importance of strong password protection. They are aware of password reuse and the threat a single compromised password can have on multiple accounts. As such, they use SpyCloud services to protect against ATO and bring cybersecurity awareness to the forefront so as to encourage learning beyond the classroom and have an impact on the everyday lives of students and staff.
Four Back-to-School Cybersecurity Tips
As students, teachers, administrators and staff return to school with the promise of a successful year, we offer these tips to help protect you and your family, and pass along to colleagues to defend against cybercriminals.
Keep work and personal computers and accounts separate
I don’t know about you, but my kids LOVE anything that isn’t theirs – they constantly want to use my phone to text or call Grandma and are intrigued by my work computer. However, allowing anyone else to use your work devices can put you and your organization at risk. What if they download something they shouldn’t and infect your device with malware? What if they use compromised credentials in your browser that a fraudster then uses for account takeover (ATO) or online fraud? Ensuring the security of your corporate assets is critical, and may even be part of your organization’s corporate policies. Using your work computer strictly for work is the best way to protect yourself and your company.
Instill strong password hygiene for everyone in your family
My elementary school child already has accounts with an authentication/2FA application – it’s the district’s one-stop-shop for all learning sites. It’s activated on our family’s personal computer, and we made a point to ensure that the password for that account is up to par with the latest guidance for strong passwords to protect my child’s digital identity and our family from any sort of compromise or breach. Using family password managers helps create strong passwords and keep them safe for use, as well as gives the right people access when emergencies arise. Passwords should be complex with 16+ characters, and avoid using popular words/phrases like sports team names, the latest pop star, or the most watched bingeable TV show name. And use a unique password for each account – password reuse is a common human behavior, and if you use the same weak password across multiple accounts, the likelihood of it being compromised increases dramatically. No one is too young to learn cybersecurity best practices, and starting with the basics of simple password security and hygiene is a good place to start.
Be aware of your child’s online activities
When my other child asks to use my phone “for just a minute,” what they really want to do is take it for 20 minutes and go watch videos on YouTube. And while I admit I sometimes let them take it, I still try to stay on top of what it’s actually being used for. We have parental controls on our kids’ tablets, but it’s a free-for-all when it comes to my phone. Not only do I want to be sure they aren’t watching something they shouldn’t see (anyone else get ragey over the Momo Challenge or Huggy Wuggy?!), but there’s also potential for them to access apps or websites they shouldn’t, or make my phone and online accounts vulnerable to cyber threats. Knowing exactly what your kids are doing online can be tricky, but building that trust early can help both them and you be confident in their digital awareness. A great resource for parents and teachers is the National Online Safety website, which offers insights into tips and trends to be aware of to keep your children and students safe online.
Protect your information and your privacy
SpyCloud’s database of recaptured data from the criminal underground reveals an astonishing amount of PII is widely circulating on criminal marketplaces and forums – just last year, SpyCloud recaptured 13.5 billion pieces of PII. Fraudsters are relentless when it comes to using PII to perpetrate fraud, even using information from children to create synthetic identities. To combat this, be vigilant when it comes to sharing your information with anyone, and enable multi-factor authentication whenever possible to enhance your own personal security posture.
Before the Bell Rings…
It’s never too early to instill security best practices with everyone in your family. With so much activity on the criminal underground, and fraudsters doing whatever it takes to make a buck, it’s important to protect your family’s personal information. Start the school year off right by refreshing your cybersecurity savvy!