By Bob Stevens, vice president of Americas, Lookout.
Fall 2020 has already proven to be a challenging year for school cybersecurity. While teachers and students work together to learn in new environments, bad actors are exploiting the situation to breach systems and steal sensitive information.
Even before students received their first report cards, we’ve already witnessed ransomware attacks targeting Fairfax County Public Schools, one of the country’s largest school districts, and sensitive information exposed by a breach to a Las Vegas district’s systems. As today’s classrooms expand to be virtual, personal mobile devices and school-issued chromebooks are increasingly playing a central role in how students are learning.
While cybersecurity awareness in education is growing, Chromebook, tablet and smartphone threats aren’t as well-known, or well-protected, as their desktop counterparts. Administrators, teachers and students need to understand that – all devices – including mobile devices – need to be secured. The good news is that schools can take measures to prevent and mitigate damage from cyberattacks. Here are three steps to help students, teachers and administrators stay safe.
Secure Commonly Used Devices, Like Chromebooks, tablets and smartphones
Cost-effective yet functional, Chromebooks enable students to attend class and complete homework remotely. In some ways, security is a strength of Chrome OS. First, it doesn’t allow anyone access to its kernel – the core part of the operating system – and run apps in isolation. Chromebooks also automatically receive regular updates to ensure vulnerabilities are patched. However, there are numerous threats, such as phishing, that Chromebooks are still susceptible to.
For many students that don’t have access to laptops or Chromebooks, the existing tablets and smartphones their families own are critical to learning remotely. But these devices are rarely top of mind in a school district’s security strategy.
Implement Modern Endpoint Security Across All Mobile Devices
As education via mobile devices becomes a new mechanism for learning, defending against these mobile threats is as central to a district’s security as protecting desktop or laptop computers. Districts can mitigate these risks with modern endpoint security that protect against phishing and web content, network-based, and malware. Modern endpoint security can stop both known and unknown threats from these sources, helping get a step ahead of bad actors.
Help Users Identify Overlooked Mobile Threats
Security solutions are necessary, but teachers and students should still have a basic understanding of the threats they face, especially ones that can be difficult to detect. For example, it’s relatively easy to identify a malicious phishing email on a desktop. But on mobile devices, common phishing tell-tale signs are difficult to notice or are nonexistent. Even the youngest mobile users need to be aware of mobile devices’ hidden dangers. This awareness includes familiarity with the risks of a simplified user interface and smaller mobile displays, both of which make it challenging to identify questionable links or websites.
While many users are familiar with email-based phishing attacks, many mobile phishing attacks now start via SMS or text, social media platforms, gaming, or third-party messaging apps. Once a device is compromised, these types of attacks can provide access to a device’s microphone, email, photos, documents, and phone logs.
Teachers and students must recognize threats from these sources so they don’t fall prey to attacks. All mobile device users should have a basic cybersecurity awareness and regularly seek best practices like researching a source for legitimacy before tapping on inbound links and never sharing personal information with strangers online.
Students and teachers are learning a lot this year, not just from the standard curriculum but also about technology’s role in the learning process. It’s critical that for administrators, teachers and students to understand that mobile security is a part of their technology education. Whether that means learning about the role of modern endpoint security as a part of a district’s overarching security strategy or better recognizing potential mobile threats, we can all walk away from the 2020 – 2021 school year better armed against threats in today’s increasingly mobile world.