TechGuard Blog

Cyberattacks Targeting Schools Are on the Rise

The start of the 2020 school year has brought with it many challenges, one of which being the closure of many public and private schools. The closure of schools has left a large population of students having to adapt to virtual learning. Increasingly, students are struggling with this "new normal," and it's likely to continue until we have a vaccine on the market for COVID-19. That means more virtual learning for students and higher risk of cyber-attacks for schools. While schools have only been virtually or hybrid teaching for a few weeks now, there is already evidence that schools and academic institutions are seeing more cyber-attacks.

Cyberattacks have been on the rise to specifically disrupt the online learning environment. For instance, a teenage hacker used a Distributed Denial-of-Service (DDoS) attack to take down a server, and ultimately the online class. DDoS seems to be the primary way of attacking an academic institution, with ransomware as a close second. Between July and August, statistics show that cyber-attacks are up 30% compared to the two previous months. This trend isn't just affecting the US it's also becoming more common in both Europe and Asia with an increase of about 25%.

Here are a few tips from the security professionals for security professionals, students and parents to reduce the risk of becoming a victim to these types of attacks, to the students and even the parents.

Tips for the Security professionals

  1. Reduce Attack surface:
    • Know your environment. Knowing what devices and services are running on your network is key to understanding the risk that comes with those devices and services. Keep and up to date inventory the software and hardware on your network. This will help you maintain control of the applications, network traffic, and data.
    • Shut off any services that are not needed and remove any devices that should not be on your network.
  2. Review your access:
    • Ensure that all devices and users on your network have only the necessary access to do their required duties. If users are not supposed to have remote access to the network, make sure their account reflects that access.
  3. Contain and Remediate:
    • Make sure endpoint security is in place. Your last line of defense is your endpoint security. An up to date antimalware package can contain the spread of a ransomware infection. This may not eliminate all damage, but it could contain and isolate the damage.
    • If a machine becomes infected, remove it from the network and isolate it. Remediate the infected machine or machines. Implement the solution to avoid the same infection to the network.

Tips for Students:

  1. Be cautious when using email:
    • Only click on trusted links sent by people you know. This includes email attachments and any links within them. If anything feels funny about the link or email, delete it, legitimate emails can be resent, virus infections or ransomware could be catastrophic.
    • Don’t reply to any emails you don’t recognize. Attackers are known to send out “probe emails” to determine if an email is valid. If you reply, that paints a target on your email address.
    • Reach out to the person who sent it to verify that it is a legit email using an email address that you know is correct.
  2. Use strong passwords:
    • Strong passwords make it difficult for attackers to crack your password and access your accounts. Follow the password guidelines provided by the institution. Be sure to use different passwords for different accounts to keep them as safe as possible. Consider using a password safe to keep your passwords safe.
  3. Use antimalware software:
    • This step is important as it take some of the burden off you. While still being aware of what you’re doing, having anti-virus software is like a second person watching and catching any bad things that you may have missed. Antimalware isn't foolproof, it will only recognize malware and viruses that have already been discovered and reported and will not be very effective against zero-day attacks.

Tips for Parents:

  1. Use privacy settings:
    • Utilize the parental settings when setting up an account for your kids on the computer. Give them the least amount of privilege needed to do their schoolwork. This will make it more difficult for your student to anything they shouldn't be doing online.
  2. Make kids aware:
    • Kids today are pretty tech savvy. You can use that to your advantage, by telling your kids not to download anything or click anything without asking you first. Depending on the age of the student, it's highly recommended that kids are taught the basics of computer security. Explain to them that how they should interact with different websites and information that they should not be sharing on the internet.
    • List out some online safety rules for your student and teach them how to use email securely. Making them aware of online threats is the best way to prevent them from falling victim to a cyberattack. It's better to be defensive and cautious rather than free acting and careless.

 

While adjusting to this “new normal” is challenging and can cause some anxiety, with a few simple rules you can ensure that you and your student remain safe now and in the future.

Written by Matthew Rech