Tag: education cybersecurity

For Schools, Socially Distanced Learning Underscores Need For Stronger Data Protection

By Wayne Dorris, CISSP, business development manager, cybersecurity, Axis Communications, Inc.

Wayne Dorris

What does “security” mean in the context of a school? Until recently, the first things that came to mind were probably physical security technologies like surveillance cameras, metal detectors, access control stations, and even just good old fashioned locks.

But the recent COVID-19 crisis has changed that: because of the nationwide shift toward remote learning that the pandemic has prompted, schools have been forced to reevaluate their cybersecurity policies and requirements as they work to keep their data safe amid increased reliance on videoconferencing, learning management portals, and other online educational tools.

Distance Learning Tools in the Spotlight

One of the first security concerns to gain public attention was the vulnerability of the web’s most popular videoconferencing tools. Zoom, in particular, gained notoriety for the problem of “Zoom Bombing,” where random individuals would be able to drop into meetings run by others without being invited.

With much of the population working from home and relying on remote web conferencing tools, Zoom saw a massive spike in daily users, 10 million in December 2019 to 200 million in March 2020—a dramatic increase that put the previously small problem of Zoom Bombing into the public eye.

Zoom has, fortunately, implemented additional security controls specifically designed to combat Zoom Bombing, but these controls are optional and must be selected by the user. This underscores the need for effective training.

It isn’t fair to pick on Zoom, of course—in fact, Zoom’s problems highlight one of the biggest struggles facing both schools and businesses specializing in remote learning tools. Such a massive spike in remote users over a short period of time means that IT departments lacked the time to evaluate the security controls for remote learning products, and the makers of those products may not have had time to refine those controls for such heavy use.

Learning management systems (LMS) are a great example of this. Used to store grades and enable students to remotely turn in homework, LMS have long been a convenient tool for schools; however, they have generally had the benefit of operating within the safety of the school’s network. And although a bored student might occasionally attempt to hack their grades, LMS platforms have generally not been in the crosshairs for cyberattackers.

Continue Reading

Protecting Employees, Students and School District Resources From Cyber Attackers

Lucy Security works with many K-12 districts across the country to help build cybersecurity awareness and protect against phishing attacks (most ransomware attacks start with a simple phishing email.)

Colin Bastable
Colin Bastable

Below are some comments from Colin Bastable, Lucy CEO, about the types of trends and issues he sees and what K-12 IT departments can do to protect their employees, pupils and district resources from clever cyber attackers.

According to Colin Bastable, CEO of security awareness training firm Lucy Security:

Education: an easy target for cyber attackers 

K-12 school districts range from fewer than 100 employees to several thousand. Some have tiny budgets, and some have more significant resources, but they all struggle with vulnerability to cybersecurity attacks. Just this week, CNN reported that a Texas school district lost $2.3 million to an email phishing scam. Unfortunately, this news is just the latest in an ever-increasing trend of cyberattacks targeting K-12 schools.

According to the K-12 Cybersecurity Resource Center, more than 752 cyber incidents at K-12 schools have been reported since January 2016, resulting in loss of productivity as well as much-needed funds.

Common K-12 cyber scams

One common scam is the Gift Card Scam, where an email purporting to be from the school principal or a head of department asks an administrator or assistant if they can buy some $100 gift cards. Often, this might be during a break, such as Thanksgiving, when the school staff are unlikely to meet.

Once the admin has the cards, they email a reply (to the fake email address) saying “I have them” and the thief asks them to scratch off the security number and send pictures of the cards, “because I need to get the gift to the students today.”

Another common attack is to send a change of bank deposit details to the school payroll staff.

These are quite simple attacks, yet extraordinarily successful. More sophisticated attacks involve BEC (Business Email Compromise) attacks, like the gift card scam, but involving hundreds, thousands and millions of dollars in losses, where the imposter asks for urgent payments to be authorized.

Ransomware attacks are also prevalent in K-12 and local governments, causing multi-million-dollar losses and billions of losses worldwide. 

Continue Reading