Technology is heavily relied on in school settings. Internet connectivity, email, collaboration tools and daily operations all need technology to function. The addition of high tech devices lends itself to productivity but also comes with the potential of cyber threats. What types of threats are targeting our schools, staff and students?
Social Engineering
Impersonation can lead to loss of funds and confidential information. Attackers will deceive the victim into divulging information, transferring funds or granting access to highly valued data. Person-to-person contact for such requests can elevate this risk. Procedures should be in place for people who have access to these resources.
Phishing
This form of social engineering is very popular with the cyber crooks. By tricking the recipient of a phishing email by enticing some sort of action, the criminal can reap great rewards without much effort. Convincing the victim to give up information or money voluntarily is much easier that hacking into a sophisticated network. The miscreants can craft emails that appear to come from a trusted source to implore the receiver to transfer funds or personal information. End user training can assist with educating users in identifying and reporting suspicious emails.
Cryptojacking
Cybercriminals will use this ‘behind the scenes’ approach to steal computing power in order to mine digital currency. The offender will hack into into devices, sometimes by way of malware infection, and install the necessary software. This software functions in the background, without knowledge of the user, to mine or steal cryptocurrency. The victim may find their device’s performance is slower. The use of d blockers, strong anti-malware software and filters can assist with preventing cryptojacking.
Ransomware
Ransomware can be devastating for any business, including schools. Ransomware is a form of malware that, when deployed, can encrypt data and render systems useless. This can greatly cripple the institutions ability to function. Then the culprits will demand a ransom in return for a decryption key to restore your data. Many times, the thieves will also threaten to expose the data that was stolen if the ransom is not paid. Ransomware usually gets a foothold through a phishing email or website download. Educating users of the threat and how it can be detrimental to an organization will assist with prevention of occurrence. Implement an Incident Response Plan. Additionally, maintaining current backups that include immutable and offline copies will enable you to recover quickly and return to business.
Insider Threats
Distributed denial of service attacks are extremely disruptive. This can prevent or impair a network’s ability to communicate externally due to a bombardment of devices overwhelming the target. Volumetric attacks can usually be stopped through the Internet Provider.
Insider threats can be unintentional as well. Failure to monitor user access to critical data and systems can result in accidental breaches. Ensure that users have the correct access in order to perform their job. Be stingy with privileged access.
It’s important to put physical defenses in place as well implementing an ongoing cybersecurity awareness program. This will help to condition users on ongoing threats. Technology alone is not enough to thwart these cyber delinquents.
Resources:
Cybersecurity Considerations for K-12 Schools and School Districts