Vertical Markets

Playground for hackers

by Mark Rowe

The summer holidays are near over. It’s time to go back to school. As children prepare for the year ahead, now is the time for families to do their homework and ensure that they are seasonally cyber-savvy, writes Paul Dignan, Senior Systems Engineer, F5 Networks.

Hackers typically target teachers and parents around this time because they are often ill-equipped to deal with cyber thefts. At the same time, sensitive data held by schools, such as children’s medical records and academic achievements, are lucrative on the Dark Web. Malware and phishing are the most popular types of attacks, according to research commissioned by the educational insurance company, Ecclesiastical. In fact, 20 per cent of educational institutions have been targeted by these types of threats where universities are generally better prepared than schools.

Education and awareness is the foundation for best cybersecurity practice and to help protect personal data. From parents to pupils, all users play a vital role in ensuring their computers are up to date with anti-virus software and that there is a general culture of online vigilance. Here are some useful tips to keep you on top of the cybersecurity class.

Install malware protection – Block malicious emails and prevent viruses and malware being downloaded from websites. Establish and maintain malware defences to detect and respond to known attack codes

Patch management – It is important to regularly plug vulnerability gaps with the latest software to prevent malicious bugs and bots

Implement a secure baseline build for all operating systems – This should include hardware (internal and external drives) and application software. However, unauthorised users with ‘normal’ privileges must be prevented from installing erroneous software. Any application that does not support the user should be removed or disabled

Change computer configurations – Implement internet controls and email access privileges to limit exposure to spear phishing. It also reduces hackers’ abilities to gain widespread system access via a single vulnerability

Set a robust password policy – Use a Password Manager to create complex passwords. Such passwords could potentially be stored in an encrypted database or generated on demand. This approach makes it difficult for both hackers and automated tools to break into your system

Device controls – Conduct regular Internet of Things (IoT) device security audits. It is vital to test IoT products, such as toys, before purchase or use

Don’t forget Bluetooth – It is possible to access IoT-enabled toys via an unprotected Bluetooth connection, enabling hackers to inject unwanted messages or remove data and images. Parents should read the manufacturer’s safety and privacy policy. Ideally, the access rights to the toy and its app can be restricted

Avoid mobile misuse – Separate personal mobile phones from schoolwork. Mobile games and gadgets are good, but mobile apps are different from web applications and can be vulnerable to automated bots facilitating content scraping, as well as denial of service and API attacks

Robust training and education – Teachers and parents should understand their role in keeping their school and homes secure, as well as report any unusual activity. Put plans in place for Security Incident Management to swiftly deal with an attack and reduce operational impact

Lessons learned

Young peoples’ lives are increasingly dominated by the digital world, which provides an enormous opportunity to advance education and enjoy digital entertainment. However, cybercriminals are ever-present and use sophisticated methods and tools to exploit vulnerabilities in our everyday applications and data defences.

In 2017, a cyber-attack on Edmodo, an educational social media platform, resulted in personal details belonging to millions of teachers, pupils, and parents being sold on the Dark Web. Now is the time to get faster, smarter, and safer with cybersecurity and make learning a journey of discovery through safe practice and a culture of compliance. Doing nothing is no longer an option. It’s time to think more about prevention and put hackers in detention.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing