Cybersecurity Class In Session: Protecting Students While Attending School Online

The COVID-19 pandemic has forced almost every part of our lives that can be online, to be online. One of the first sectors to move to an online format was the education system. Students ranging from 4-year-old Kindergartners to 33-year-old Masters students were forced to adapt to Zoom classrooms and purely online interactions with their teachers and classmates. Though many students have already begun their summer "vacations," we do not yet know what the fall semester will bring to these learners -- because of this, it is essential that students are updated on the potential risks of cyber-school and how to stay safe from them.

K-12 Students

For elementary, middle, and high school students, teachers, and principals, many new cyber-risks have been presented; some of the major threats include the vulnerabilities of video conferencing services, school system lack of cyber-infrastructure, phishing and data breach threats, and more.

Video Conferencing Service Vulnerabilities

The primary platform utilized by schools to conduct classes completely online is Zoom, an online video conferencing platform which allows for peer-to-peer communication via cloud computing. The company has been around since 2011 but gained a massive amount of popularity earlier this year as an alternative to face-to-face meetings for school, work, and personal life. However, while the company has presented a highly-needed service to many, it is quite lacking when it comes to cybersecurity -- experiencing data breaches regularly for weeks at a time. This puts students' private information, such as their emails, passwords, and other private information, at a major risk of being compromised.

Not only that, but the vulnerabilities found in many of the video conferencing systems give hackers the ability to get into the computers of users to their sites. This is especially scary as most laptops have webcams on them, opening up the opportunity for something known as Camfecting where hackers can gain access, and often control, over a person's laptop. This is not ideal for any user, but considering these are children being exposed to this vulnerability, protection against this should be a top priority.

School System Cybersecurity

On top of the vulnerabilities presented by the services used to conduct class in an online format, many school systems unfortunately do not have very secure cyber-defenses, putting teachers, students, and parents even further at risk. Among the top five major threats to school systems are phishing email scams and data breaches.

Phishing

Coronavirus has been an excuse for many hackers to capitalize on public fear by sending out scam emails under the guise of informing the recipient on new information about the virus. This is especially true for .edu email addresses as they are easily accessible and visible to any user on the Internet. Since COVID-19 began, students have been more and more heavily targeted for phishing attacks as these online learners mistake a phishy email for a legitimate virtual classroom invite or a correspondence from someone they believe to be their peer.

Data Breaches

Due to the lack of infrastructure for K-12 school systems, most educational entities do not have a robust cyber-defense. Two California school districts suffered data breaches during the COVID-19 pandemic. The districts, Oakland and Berkeley, were forced to ban all video conferencing with students in the midst of the online learning push in April earlier this year due to an unknown man who hacked into the online Zoom classrooms and exposed himself to high school students while yelling obscenities at the students. On top of this, other hackers saw the vulnerabilities in these specific school systems' cybersecurity defenses and used it to steal compromised student personal data and privacy.

Exposure to Risky, Unsecured Content

With students spending more and more time on computers and devices, they are becoming exposed to more and more content -- and not all of it is good. According to the DQ Institute, 29% of students 8-12 have been exposed to risky content while online for school activities. In addition to this, social engineering has increased since the beginning of this pandemic, with schools being heavily targeted. This particular attack is used by hackers to deceive and manipulate victims to divulge private or personal information that may be used for fraudulent or malicious purposes. In the case of social engineering against students, cyber-criminals will try and trick students into providing them access to school system information in order to find a weakness which they can then breach.

College Students

College students are impacted by everything that the K-12 students are targeted with; however, due to the fact that most of these students are adults, there are additional implications for them as well. One of the major issues targeting college students specifically are phishing schemes which consist of malicious emails with the false promise of employment. Eager college students trying to break into the job market click on the email links, putting their private information right into the hands of malicious actors. Additionally, because college students often have student loans, cybercriminals will target them in order to try and take hold of their personal financial information.

Tips to Protect Against These Threats

• Change your or your child's Zoom account password -- and make the password hard to guess without repeating a password you use for other accounts. Be sure to monitor and change all account logins on a regular basis, about every three months, to ensure your accounts are safe and up-to-date.
• Cover your webcam -- Even covering a webcam with tape can make you and your children more secure. In the case that hackers do gain access to your computer and they attempt to "camfect" you, they won't be able to see anything and their efforts will be futile.
• School systems need to beef up their cybersecurity defenses -- The vulnerabilities presented by a lax cybersecurity plan are significant. School systems need to be responsible and protect their students by investing in cyber. This can be expensive, especially for public schools which tend to not have much infrastructure; state and local governments should take this into consideration when determining school budgets as it is a genuine need for school success. Despite this, there are online resources as well such as https://k12cybersecure.com/ where you can research any questions or common cyber-threats.
• Educate teachers, faculty, and students on cybersecurity best practices -- If students or teachers are not aware of threats, they won't know what to look for when attempting to stay safe online. It needs to be emphasized and reemphasized to students especially to be safe while online. If anything looks suspicious, they should contact their parents and teachers, as well as IT support if that is available at said school.
• Stay updated on cyber-threats targeting online learning -- and educate others on how to protect themselves while online. One of the most common cyber-threats since the pandemic happened is phishing; Pay attention to suspicious emails asking for immediate action or emails with numerous grammatical and spelling errors, particularly if being received from unknown senders. When possible, schools should utilize multi-factor authentication in order to protect their students even further.

Cybersecurity is Important, but so is Student Well-Being

According to the DQ Institute, 45% of students have experienced heightened bullying while attending school online. Education is essential and school must continue, however, it is important for students' well-beings to be considered when it comes to online learning. Constant communication is essential to keep students feeling valued and involved. As the world begins to open up slowly but surely, parents and teachers should encourage kids to be kids and go outside and play and give themselves a break from computers.

Image by Freepik