Cybersecurity experts have warned about coronavirus pandemic-related phishing scams targeting all sectors of the economy, from health care and consumer products to banking. Now, schools are being warned to be extra vigilant too.
Doug Levin, the founder and president of the K-12 Cybersecurity Resource Center, pointed out that schools have long been the subject of 鈥渄rive-by鈥 phishing scams: mass blasts of dubious emails looking to gather personal information. In recent years, they鈥檝e also been hit with more sophisticated and targeted attacks.
The coronavirus pandemic, Levin said, compounds the problem.
鈥淪cammers and criminals really understand the human psyche and the desire for people to get more information and to feel in some cases, I think it鈥檚 fair to say in terms of coronavirus, some level of panic,鈥 he said. 鈥淭hat makes people more likely to suspend judgment for messages that might otherwise be suspicious, and more likely to click on a document because it sounds urgent and important and relevant to them, even if they weren鈥檛 expecting it.鈥
Here are 5 takeaways from a recent conversation Educaton Week had with Levin.
1. Remote Classes Can Make Schools More Susceptible
Moving to remote classes is an important step in promoting social distancing in order to limit the coronavirus鈥 spread, but having students and teachers access schools鈥 networks remotely also increases the potential for an attack, according to Levin.
鈥淲ith more teachers and students online, particularly if they鈥檙e doing it from less controlled environments outside of the school, the attack surface of the school community is increased,鈥 he said.
鈥淚n many cases, all it takes is for one person to make a mistake in a school community for a school district network to get infected, or a data breach to happen.鈥
2. Don鈥檛 Count on the Same Level of IT Support as Usual
Another challenge of a large number of students and teachers working remotely is that the increasing number of IT problems associated with e-learning will divert resources away from cybersecurity. Schools, Levin said, also tend to have older IT infrastructures, and staff that may not be as highly trained in cybersecurity as people in industries such as banking and healthcare.
If IT staff members have to work remotely, and maybe also have to deal with a flood of low-level tech support issues, they are going to be able to be less attentive to incidents as they start to emerge, according to Levin.
Hackers often pick chaotic times or moments when schools鈥 defenses are down, like spring break or the time right before school starts, to attack, Levin added. The coronavirus pandemic is a large enough social disruption to attract that kind of attention.
3. Even Small Schools Aren鈥檛 Safe
A common misconception, Levin emphasized, is that smaller schools are safer because hackers don鈥檛 think it鈥檚 worth their time to target districts with only a few students.
鈥淏ased on the evidence I鈥檝e seen about school cybersecurity events, the criminals and the scammers absolutely don鈥檛 care who you are, where you are,鈥 Levin said. 鈥淚t is just as easy to send an email to a rural small school as it is to a large bank.鈥
4. Be Careful With Suspicious-Looking Links
In the days and weeks ahead, Levin said, schools need to redouble their precautions against opening suspicious links and email attachments from unknown or dubious addresses.
鈥淪chool districts would do well to warn and build awareness, among both students and teachers, to have a little bit of skepticism when they are getting information appearing in their inboxes related to coronavirus, just to double-check who it is being sent from, whether this was an email they were expecting,鈥 Levin said. 鈥淚f it鈥檚 from an email address they don鈥檛 recognize or normally don鈥檛 get messages from, I think it鈥檚 important to double check that email address.鈥
He added that if teachers or students think they鈥檙e receiving phishing emails, they should reach out to their IT staff to report it immediately.
5. Schools That Already Practice Good Cybersecurity Should Be Safe
Levin emphasized that for schools that are already on the lookout for cybercrime, their preventative measures should be enough.
鈥淭his is a time when schools would do well to be extra vigilant,鈥 he said. 鈥淏ut the good news is these sorts of incidents [can be prevented] if there are good cybersecurity practices in place already.鈥
The coronavirus pandemic and the phishing scams that come in its wake should be a reminder, Levin said, that cybersecurity 鈥渘eeds to be a part of schools鈥 continuity plan.鈥
