Between interrupted zoom calls, to phony emails, this year is gearing up for a higher than ever rate of cyber attacks on school districts.
Cybersecurity has been rapidly increasing and in fact, effective September 2019, Governor Greg Abbott signed a bill that would require Texas school district to have a cybersecurity policy. These attempts have unfortunately fallen short as we began the 2020 year. Texas school districts in particular have fallen victim to ransomware attacks more than any other state according to the K-12 Cybersecurity Resources Center. Texas has had at least 126 incidents in ransomware attacks since 2016. In only this year, we have seen multiple attacks on just the Houston Texas area alone. Country wide, there were 348 publicly disclosed cyberattacks on school districts in 2019, three times that in 2018 (K-12 Cybersecurity Resources Center).
6 Things You Can Do As A Parent or Teacher
1. Unattended Devices
We know that we write about this a lot but we can emphasize enough how important it is to avoid leaving your devices unattended. This goes for phone, tablet, and laptop.
2. School Wifi
Just because you are using the school’s WiFi does not mean that you are being safe. Hackers can access WiFi’s so it is most important to be using a VPN when accessing your things at school or remote. A simple google search for a VPN will offer great options currently on the market.
3. Avoid Phishing Emails
Even though hackers will try and lure the individuals in finance positions within a district, they will also target what they consider “weak links” in the teaching staff that might not have had that much training on ransomware. Make sure you are check who the sender is, any possible grammatical errors, or any personal information requests. You will not be asked by your district to give out your SSN via email for example, so if you are receiving requests of that sort, know that it is phishing. If you aren’t sure and think you might have received a phishing email, forward it to your IT department.
4. Vishing Is a term used to describe voice solicitation, a method using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. This can be common for a school district where a person claims to be the parent of an individual who attends the school. Never give out personal information over the phone. It is better to tell the individual that you will look into it and call them back instead of accidentally divulging information to the wrong person. To learn more about this specific type of social engineering attack, read out Vishing blog entry here.
5. Compromised Websites
Compromised websites are very popular because distracted and busy adults hardly take the time. Especially not to observe a domain website once they have clicked a link from an email that they believe is a trusted source. What hackers will do is send you a very convincing email to an account that you have saying you need a new password and to click a link. The link will the re-direct you to a fake website that looks eerily similar to the correct one. An easy way to avoid is to google the official site and do what you need to do from there. This type of Social Engineering is called Pharming. To learn more about this specific type, check out our blog post on Pharming.