Cybersecurity Tips From Unit 42 for the 2021 Back to School Season

This post is also available in: 日本語 (Japanese)

As we gear up for a return to school, aligned with the latest COVID-19 guidance to keep students, their parents and teachers healthy, it’s also critical to remember to practice basic cybersecurity hygiene to stay safe online. 

School districts tend to run older equipment and older software, which means that they’re more susceptible to cyberattacks since legacy systems are more difficult to update. Compounding this problem, many students, parents and teachers are not following cybersecurity best practices with their devices. This creates potential for hackers to wreak havoc on educational institutions. 

New data from Palo Alto Networks reveals that the percentage of traffic from phishing URLs (which direct users to fake websites to steal personal information) targeting the education industry globally increased 47% in June and 27% in July, which shows that hackers are ramping up their attacks ahead of back to school season.

 

3 Tips for a Safe Return to School

 

1. Use different passwords for different accounts and devices.

This is a security best practice that everyone struggles with. A 2020 report by SecureAuth revealed that 53% of people admit they reuse the same password for multiple accounts, which makes it easy for hackers to hijack accounts and steal personal information.

This is a common problem at schools. For example, I’ve seen instances where teachers share passwords for streaming services in the classroom. This type of password sharing can be exploited by hackers to steal credentials and potentially compromise accounts for other online services if the same email and password is being used.

Use a strong username and password for every account and device, then use a password manager to keep track of everything. From there, use a strong username and password for the password manager itself and make sure to enable two-factor authentication (2FA) as well. Two-factor authentication strengthens security by requiring two methods to verify your identity, such as something you know (for example, a password) and something you have (for example, a device). Two-factor authentication secures your logins from hackers, who exploit weak or stolen credentials. With 2FA enabled, the password manager has an added layer of security for the personal information it holds.

 

2. Get involved: Make sure your school district is prepared.

With cyberattacks running rampant against school districts across the country, it’s important to be aware of whether your school district is protecting your child’s privacy and taking steps to prevent hackers from disrupting their education.

Last year, the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint advisory warning of ransomware attacks, Distributed Denial-of-Service Attacks (DDoS) and video conference disruptions against schools. With limited cybersecurity defenses due to scarce budgets, schools are often extremely vulnerable and hackers are taking advantage.

Ransomware, in particular, has become a global crisis, with education a heavily targeted sectors. There are many examples of schools being impacted because of ransomware; in one case, hackers demanded $40 million to avoid posting students’ and teachers’ personal information online.

Students’ personal information is especially valuable for hackers because children and their parents are less likely to notice that someone is using their identity to commit fraud, especially if they don’t have a bank account in the child’s name to alert them.

Ask your school district what they’re doing to protect against cyberthreats. Are they investing in cybersecurity solutions to protect their infrastructure and your child’s information? Are they raising awareness on security issues with training for students and teachers? The more you can learn about your school district’s cybersecurity preparedness, the better.

 

3. Recognize that your children are tech savvy, but not cyber savvy.

Today’s children are growing up in the digital age of screens and social media, and it can be difficult as a parent to keep pace with the latest technologies and platforms. According to a 2020 Pew Research Center survey, 66% of parents say that parenting is harder today than it was 20 years ago with many citing technology as a reason why.

Familiarize yourself with your children’s devices and learning platforms, particularly with how to configure parental controls and privacy settings. Children know the workarounds, so you’ll need to be vigilant about the content they have access to.

That said, children are less likely to be aware of security best practices. Make sure that you're practicing basic cybersecurity hygiene with your children and their devices, including enabling 2FA, knowing how to spot a phishing scam, installing the latest software patches, covering up webcams when they’re not in use, avoiding the use of public Wi-Fi networks and, as mentioned previously, using strong passwords.

Children are taught basic safety tips like not talking to strangers and fastening their seat belts in the car. It’s critical to also teach them basic online-safety tips to protect their digital way of life – at home and in the classroom.

For more tips on digital home safety, see “Cybersecurity Tips From Unit 42 to Help Stop Ransomware Attacks,” “Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season” and “Cybersecurity Tips From Unit 42 for the Household CIO of 2020.”