It’s October and while many think of Halloween and the start of Fall, it is also marks the beginning of National Cybersecurity Awareness Month.
Without cybersecurity awareness, it could be all tricks and no treats at your school or district.
Here are four cybersecurity tips for schools and districts across the nation to follow to help keep students and staff safe.
1. Train Staff to Identify Phishing Attacks
THE Journal reported “one in ten phishing e-mails fool users in education.” Phishing attacks have been described as “social engineering attacks” that often seem to come from a trustworthy source into a user’s email account.
The best defense against phishing attacks is awareness. The founder and operator of the K-12 Cyber Incident Map, Doug Levin, said, “K–12 leaders should regularly educate their users on phishing scams and basic safety.”
Some school districts have adopted training via phishing simulations. Ed Tech Magazine reports, “After three months, the number of educators likely to be fooled by phishing attempts dropped from 29 percent to 17 percent in smaller schools, and from 26 percent to 20 percent in larger schools.”
It is critical to extend phishing training and awareness beyond staff. Students are also at risk and should have training incorporated into lessons.
2. Develop Digital Citizenship Training
Digital Citizenship is not a new idea in K-12, but it can cover a variety of topics. A previous Kajeet blog covered teaching digital citizenship with tips such as helping students determine the legitimacy of websites and explaining the harm of cyberbullying.
With cyber threats on the rise, Digital Citizenship is as important as ever.
The Google Be Internet Awesome is a great example of a tool for educators to help teach Internet awareness to their students. This interactive game helps students learn how to identify scammers and hackers, along with understanding the importance of keeping your information secure.
Students and staff alike are at risk of cyber threats and attacks. As you teach your staff how to identify and avoid threats, make sure to spread that knowledge to the students as well.
3. Consistently Backup and Update Information
“Backups are the first defense to keep hackers from profiting from a ransomware attack — a strike that locks down a server’s data through high-level encryption,” writes David Hutchins, CDW-G vice president of K–12 and higher education, on ed tech. Hutchins recommends that users backup all critical information and store it on an offline device.
Perform regular backups of sensitive data, which can help protect your school or district against ransomware attacks that ask for money in exchange for the return of your data.
Create avenues for quickly rebuilding infected endpoints. The author writes, “School districts also should be able to quickly rebuild ransomware-infected endpoints, which would wipe out the ransomware and return the endpoint to a clean state.”
An eSchool News article provides four questions school leaders should ask regarding cybersecurity in their school. The questions include:
- Are your password procedures up to speed? Required password changes should occur at least once each semester.
- Do you have a procedure for when people leave? Deactivate accounts when students and staff leave the school district.
- Does each employee have access to only what they need? With lots of Personally Identifiable Information (PII), it’s important to control who can see what.
- Do you provide proper training at all levels? The IT teams should have staff and students review cybersecurity measures every year.
Segment the network as well so if one computer gets infected, it won’t spread through the entire domain. It is especially important to segment student devices as students may not be fully aware of cyber threats. Read the Kajeet blog post, “Ransomware: A Growing Threat in K-12,” for more information.
4. Secure Inter-Connected Devices
This past September, the FBI released a PSA regarding student data collection and cybersecurity. The release states:
EdTech connected to networked devices or directly to the Internet could increase opportunities for cyber actors to access devices collecting data and monitoring children within educational or home environments. Improperly secured take-home devices (e.g. tablets, laptops) or monitoring devices (e.g. in-school surveillance cameras or microphones), particularly those with remote-access capabilities, could be exploitable through cyber intrusions or other unauthorized means and present vulnerabilities for students.
Kajeet recognizes the threats posed to student devices, especially those that go home, which is why our Wi-Fi enabled devices provide an additional layer of security.
Kajeet Sentinel®, our patented cloud platform, powers filtering and security for Kajeet products, including the Kajeet SmartSpot® (Wi-Fi hotspot) and Kajeet SmartBus™ (school bus Wi-Fi). Sentinel not only filters Internet to ensure students access educational sites, but it provides extra security for students browsing websites.
- Intrusion Prevention Service (IPS): Protects students from vulnerability exploits by examining low level traffic to identify known threats with matching traffic patterns against a database that is continuously-updated and currently includes information for up to 4,000 known threats.
- Reputation Enabled Defense: Uses reputation-based intelligence and geolocation feeds to identify and block access to dangerous sites, keeping students safe from threats launched by malicious web pages.
- Gateway Anti-Virus: Scans files and traffic to identify and block known viruses, Trojans, worms, spyware, and rogueware.
- Application Control: Prevents use of unauthorized applications by reviewing traffic patterns and enforcing policies based on the school’s predetermined user group.
There is a lot of information out there this month to promote cybersecurity awareness, but make sure to stay vigilant of cybersecurity threats at your school or district all year long.