Recently, G-Suite users were hit by a large phishing scam. Users were sent an email that appeared to be from Google and asked to click on a document for collaboration. The
nefarious document then gave the sender access to your whole account, including your directory, enabling it to spread. While phishing is nothing new, it has become more problematic and sophisticated. As such, it’s especially important to include some cyber-security basics as soon as students start to have access to digital tools.
Most scams are pretty easy to identify. You are sent a typo laden email from someone you don’t know asking you to “check this out.” However, as email spoofing becomes more prominent, it’s important to not just open an attachment even if you know the user. There are a few red flags: the email is full of typos and errors, it doesn’t fit the tone of the sender (e.g. would your teacher be sending an email that says “check this out!”), or it just doesn’t feel right.
Keep your Operating System & Security Software Up to Date
Yes, updates can be annoying – they take a long time and may require a hardware restart in the middle of the day. However, keep your operating system and security software up to date is essential to cyber-security. While you may not want to update to the latest Windows or iOS software on day 1 (a brand new OS may have a bug or two, as early iOS 10 adopters learned when it bricked several phones), you should do so shortly after the release. Critical security updates should be installed regularly as they plug security holes and fix exploitable bugs.
Enable Two Factor Authentication
Two factor authentication is a security measure that grants you access to your account or device only after you have presented two methods of authentication (e.g. your account password and a code texted to your phone or sent to an email). It has been around for a while, but many users never enable it. Two Factor Authentication may feel like a pain, but it is the best possible defense against potential hackers or nefarious users. If you have ever been locked out of your account because another user has gained access, you know how difficult it can be to regain access and the damage that can be done to your reputation or your pocket book. Enable two factor authentication on all of your sensitive accounts (bank accounts, email, social media, etc). The extra 30 seconds it takes to log in will be worth it!
These are just a few ways that students can protect their devices and accounts from malware, phishing, and cyber-scams. However, as cyber attacks become more sophisticated, network administrators and users must become more savvy. It’s important to keep up your skills and consistently train your community. I encourage administrators to attend cyber-security webinars and workshops, such as ATLIS’s Cyber-Security Workshop in Chicago this summer.