School life is going digital; while this comes with great opportunities to enhance teaching, learning and student engagement, it also comes with some challenges – namely, cybersecurity. Paul Dignan, senior systems engineer at F5 Networks, discusses important lessons in safeguarding vital data and shares tips to stay top of the class in cybersecurity
The next academic year has commenced, but have you done your homework and ensured that a cyber-savvy approach to schooling sits front and centre for 2018 and beyond? Hackers, typically, target schools and parents around this time because they are often ill-equipped to deal with cyber thefts.
Young peoples’ lives are increasingly dominated by the digital world, which provides an enormous opportunity to advance education and enjoy digital entertainment. However, cybercriminals are ever-present and use sophisticated methods and tools to exploit vulnerabilities in our everyday applications and data defences.
In 2017, a cyber-attack on Edmodo, an educational social media platform, resulted in personal details belonging to millions of teachers, pupils, and parents being sold on the Dark Web
Sensitive data held by schools – such as children’s medical records and academic achievements – are lucrative on the Dark Web. Malware and phishing are the most popular types of attacks, according to research commissioned by the educational insurance company, Ecclesiastical. In fact, it revealed that 20% of educational institutions have been targeted by these types of threats and that universities are, generally, better prepared than schools.
Tips for staying top of the class for cybersecurity
Education and awareness are the foundation for best cybersecurity practice and to help protect personal data. From parents to pupils, all users play a vital role in ensuring their computers are up-to-date with anti-virus software and that there is a general culture of online vigilance.
Here are some useful tips to keep you on top of the cybersecurity class.
- Install malware protection. Block malicious emails and prevent viruses and malware being downloaded from websites. Establish and maintain malware defences to detect and respond to known attack codes.
- Patch management. It is important to regularly plug vulnerability gaps with the latest software to prevent malicious bugs and bots.
- Implement a secure baseline build for all operating systems. This should include hardware – internal and external drives – and application software. Unauthorised users with ‘normal’ privileges must be prevented from installing erroneous software and any application that does not support the user should be removed or disabled.
- Change computer configurations. Implement internet controls and email access privileges to limit exposure to spear phishing. This also reduces hackers’ ability to gain widespread system access via a single point of vulnerability.
- Set a robust password policy. Use a password manager to create complex passwords. Such passwords could potentially be stored in an encrypted database or generated on demand. This approach makes it difficult for both hackers and automated tools to break into your system.
- Device controls. Conduct regular Internet of Things (IoT) device security audits. It is vital to test IoT products, such as tablets, before purchase or use.
- Avoid mobile misuse. Separate personal mobile ‘phones from school work. Mobile games and gadgets are good, but mobile apps are different from web applications and can be vulnerable to automated bots, facilitating content scraping as well as denial of service and API attacks.
- Robust training and education. Teachers and parents should understand their role in keeping their school and homes secure, as well as reporting any unusual activity. Put plans in place for security incident management to swiftly deal with an attack and reduce operational impact.
Now is the time to get faster, smarter, and safer with cybersecurity and make learning a journey of discovery through safe practice and a culture of compliance. Doing nothing is no longer an option. It’s time to think more about prevention and put hackers in detention.