Beware These 5 Threats During COVID-19
Hackers take advantage of the worst-case scenario.
Pandemics, terrorism, and natural disasters bring disruption and distractions, perfect opportunities for people to infiltrate lowered security while our attention is directed elsewhere. Here are five data security bases to cover during your pandemic response.
Network security
While it’s true our home wireless networks are under more stress than ever before, don’t sacrifice security for convenience. These network breaches are some of the easiest for hackers to pull off.
No public WiFi: The biggest risk to networks comes from unsecured WiFi connections in public places, like restaurants. Ideally, choose password protected WiFi from a home network. This option may be out of reach for some—even free internet offers for students are falling short in some cases, requiring families’ unpaid bills to be settled before the option is extended to the student. Other secure options may include a Virtual Private Network (VPN) or a mobile WiFi hotspot.
Internet of things: Disconnect devices that don’t require WiFi to function (appliances, etc). Even if WiFi helps them function more conveniently, consider disconnecting them temporarily to minimize the opportunities to infiltrate your network.
Multi-factor authentication: More organizations are moving toward MFA in all cases, but particularly for remote work, ensure the devices connecting to the network belong to actual people within your organization.
Spear phishing
This especially insidious form of phishing attack relies on trust. Hackers mimic a colleague or boss’s email address by replacing an unobtrusive letter or adding a few characters. They’re banking on well-meaning employees being especially eager to respond in a new remote setting.
Don’t take the bait! If your boss asks you to make a strange, urgent move—think making an unusual funds transfer or sharing a password—take a moment to call them or confirm in another way rather than replying or carrying out the action. Explain your reasoning and they’ll understand your abundance of caution.
File transfers
We’ve gotten used to questioning email attachments, but how else are we going to share documents nowadays? Rely instead on alternative methods which aren’t so attractive to hackers.
First, check with your IT pros to see which file transfer methods they prefer. Your organization may already have group access to a secure, cloud-based sharing service. Other options for safe transfers include DropBox, Google Drive, and OneDrive from Microsoft. These methods create a secure place to upload and download documents without worrying about sketchy email attachments.
Surveys, scams, and prize offers
Our collective confusion and unease around COVID-19 gives hackers a common ground to exploit. Even something as simple as giving your opinion via survey can turn up valuable information. Hackers may pose in an altruistic way, promising to compensate you for sharing information that will help others learn. But a scam is a scam.
Beware the hackers who are taking advantage of idle social media use, too. Those fun little questionnaires could be just the answer key hackers need to fool financial institutions into giving them access to your account.
Model security to students
Unfortunately, students are now even more likely to accidentally fall victim to a hacker trying to infiltrate a district. It’s widely known students will be taking part in digital learning activities, and hackers are taking note of every potential source of information. Always include security notes in each online assignment and remind students teachers will never ask for their passwords, personal information, or photos via email.
Though hackers don’t slow down attacks, everyone working remotely can take a moment to slow down and think through their approach to minimize vulnerability.
Originally posted in Skyward’s Advancing K12 blog
Your Data is Safe with WSIPC
WSIPC has been part of the Student Data Privacy Consortium (SDPC) since its inception. We also participate with the Future of Privacy Forum (FPF) and other data privacy resources to ensure we stay informed and engaged.
Student data privacy is a top concern for WSIPC, and we will continue to do our utmost to ensure that your data is protected.
To learn about WSIPC’s data security policies and practices, see our Data Privacy page on our website, or contact us at info@wsipc.org or 425.349.6600.
WSIPC is a non-profit public agency that provides technology solutions (including Qmlativ), services, and support to K-12 schools. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how your district can become part of the WSIPC Cooperative, contact us at info@wsipc.org or 425.349.6600.
WSIPC. Inspired by education. Empowered by technology.TM