Reported data, annual reports and press--releases suggest that ransomware and malware are the biggest cyber security threats facing education. We know that over 80% of malware encounters (thanks to Microsoft) are targeting schools, and school and digital leaders need to establish protocols and provide training to stakeholders to sort out vulnerability to cyber-attacks. Why are schools such a target? Cyberattacks ' motives also differ, with schools, colleges, and universities all varying in size, purpose, and stature. Not all threats are the same. However, we need to be ahead of the game --for example, what might be considered a low-level, common threat for a large, powerhouse university, might not be an issue for schools or local authorities (school district). The same can be said for an international school. However, we all need to act. With admissions data, including fees and payments, financial gain is a motive for hackers attacking our schools. We all need to evaluate the risk and understand what data is vulnerable to unauthorised access. Speaking recently with some other digital leaders, we had a chat about cyber threats facing education and our schools. We overwhelmingly agreed that we need to tackle three areas: Phishing Phishing scams often take the form of an email (and very suave at that). However, it can also be sent as a text message with a link attached. Each is designed to trick us into trusting the source in a fraudulent attempt to access our credentials – whether that’s sensitive student data or payment details. Ransomware/Malware Ransomware and malware attacks prevent users from accessing the network or files and cause some significant disruption. For example, admissions managers are unable to access enrolment details, IT managers are unable to check on systems or servers, and finance managers are locked out of the annual budgets. And in some cases, as it says on the tin -- some forms of this threat can see attackers hold files to ransom. With some a large chunk of change being paid to get back in. A lack of awareness Something else we talked about was a lack of training and awareness. We talked about how we might address this, and the answer is training, making people aware -- through emails, links and videos. We talked about media literacy and how a digital citizenship programme can help mitigate such situations for our learners in schools. Phishing attacks are becoming more and more sophisticated, and it is sometimes tough to figure out and out say this is an attack. While Google or Microsoft have some intelligent SPAM detectors, and you might not even see such emails, some do, however, slip through the net, and I find that a keen eye and attention to detail often is the key to cracking this wide open. Grammar, misplaced letters and a full stop out of place, and a dodgy email address are some of the ways I suggest to school leaders, teachers, and community members to keep safe from scam artists. I hope this blog post was helpful. If you have any questions or are looking for someone to provide some training, give me a shout.
0 Comments
|