Tag Archives: cybersecurity

Cybersecurity is the Most Critical Element of Digital Citizenship (and Rarely Taught)

Just recently, someone close to me was the victim of a rather pernicious form of identity theft. A criminal was able to steal their cell phone number and use it to raid their financial accounts. What followed was hours on the phone with a cell phone provider, banks, and credit agencies trying to reverse the damage already done and to prevent further fraudulent activity.

This type of crime is becoming more prevalent. However, few people are aware of how common this type of identity theft is becoming. In fact, cell phone numbers are being viewed as the new social security number. Many of us have had our numbers for years… even decades. Many individuals have eschewed landlines for cell phones. Additionally, if you run a business or network, you likely give your cell number to a lot of people. Couple this with some rather high-profile data breaches and you have a recipe for an identity theft crisis.

However, many individuals (adults and children) are woefully ignorant of the need for cybersecurity and for protecting the various elements of their identity. Students may be taught “don’t share your password,” but rarely are they instructed in the merits of two-factor authentication.

Cybersecurity crimes in the form of identity theft are on the rise and will likely continue to be a challenge going forward. If we are not preparing students to protect their information and take action when their security is breached, we are doing them a disservice.


Three Lessons for Schools from the Wannacry Ransomware Attack

All weekend, computer systems around the world have been hit by a ransomware attack termed “WannaCry.” Ransomware is a nefarious cyber-security attack that essentially holds your computer and its files hostage until you pay the requested amount of money to unlock it. Ransomware attacks have been on the rise over the years, but this weekend’s attack has been especially widespread and nefarious, attacking the NHS in the United Kingdom, public and private businesses (such as FedEx), and likely more governmental entities than any of us would like to consider. The cyber-attack, however, also highlighted a number of easily fixable security holes in home and business computers. If your students are interested in talking about this event, here are some best practice tips you can give to them to keep their systems safe and secure:

Keep Your Systems Up to Date

The majority of the compromised systems were out of date. For example, a large number of them were running Windows XP. Microsoft stopped releasing security updates for its Windows XP system more than two years ago. Even so, an alarming number of systems still run on this outdated OS. Others were running more recent Windows operating systems, but they had not installed critical security updates. As comfortable as we get with our operating systems, it is imperative to keep them up to date for this very reason. I’ve heard people comment that they don’t update because they “don’t want their computer/phone to stop working.” The reality is, the opposite is true! By not running critical security updates, your system becomes susceptible to malware and hacking, which will at best slow it down, and at worst, will lock down your system.

Don’t Use Pirated Software

Aside from the ethical implications, pirated software is a significant security risk. First, you never really know what you get when you download and install that package. Additionally, if you run unregistered software on your machine, then you also cannot run critical security updates. This easily compromises your system. Widespread software piracy is prominent in some countries, most notably China and Russia. However, I’ve also seen it in a number of offices and homes right here in the United States. For example, rather than pay for an office/home-wide Microsoft license, users will purchase one or two licenses and install on multiple devices. Cutting these corners might save you some money in the short run, but the security loopholes leave you at greater risk.

Educate Yourself about Phishing

[Image: phishing. Courtesy of Edward Richard Contrera, https://www.flickr.com/photos/35484468@N07/4894714911]

Phishing is a nefarious means of getting a user to click on a link or a file to install malware onto their device. Some phishing attacks are sloppy and obvious; they are replete with typos and non-sequiturs. However, phishing attacks have gotten more sophisticated, including spoofing accounts to make an email look like it came from a friend or a colleague. Always exercise caution and skepticism when opening an email that doesn’t quite “feel right.”

As more data moves to the cloud and we grow more reliant on digital systems, cyber-attacks will become more commonplace. Educating your community and students about the current attacks can help to prevent the next one!

3 Ways Schools can Help Users to Protect their Accounts from Malware, Phishing, & Cyber-scams.

Recently, G-Suite users were hit by a large phishing scam. Users were sent an email that appeared to be from Google and asked to click on a document for collaboration. The nefarious document then gave the sender access to your whole account, including your directory, enabling it to spread. While phishing is nothing new, it has become more problematic and sophisticated. As such, it’s especially important to include some cyber-security basics as soon as students start to have access to digital tools.

Identify Scams

Most scams are pretty easy to identify. You are sent a typo-laden email from someone you don’t know asking you to “check this out.” However, as email spoofing becomes more prominent, it’s important not to simply open an attachment, even if you know the sender. There are a few red flags: the email is full of typos and errors, it doesn’t fit the tone of the sender (e.g. would your teacher be sending an email that says “check this out!”), or it just doesn’t feel right.

Keep your Operating System & Security Software Up to Date

Yes, updates can be annoying – they take a long time and may require a hardware restart in the middle of the day. However, keeping your operating system and security software up to date is essential to cyber-security. While you may not want to update to the latest Windows or iOS software on day 1 (a brand new OS may have a bug or two, as early iOS 10 adopters learned when it bricked several phones), you should do so shortly after the release. Critical security updates should be installed regularly as they plug security holes and fix exploitable bugs.

Enable Two Factor Authentication

Two factor authentication is a security measure that grants you access to your account or device only after you have presented two methods of authentication (e.g. your account password and a code texted to your phone or sent to an email). It has been around for a while, but many users never enable it. Two factor authentication may feel like a pain, but it is the best possible defense against potential hackers or nefarious users. If you have ever been locked out of your account because another user has gained access, you know how difficult it can be to regain access and the damage that can be done to your reputation or your pocketbook. Enable two factor authentication on all of your sensitive accounts (bank accounts, email, social media, etc.). The extra 30 seconds it takes to log in will be worth it!

These are just a few ways that students can protect their devices and accounts from malware, phishing, and cyber-scams. However, as cyber attacks become more sophisticated, network administrators and users must become more savvy. It’s important to keep up your skills and consistently train your community. I encourage administrators to attend cyber-security webinars and workshops, such as ATLIS’s Cyber-Security Workshop in Chicago this summer.