Canada Association of Tourism Employees

7 Anti-Phishing Ideas For The Schooling Sector

This is how you can help protect your school

In 2020, 60% of educational institutions were affected by phishing attacks. A phishing attack can occur when an email, text message, or other type of communication appears to come from a legitimate source (a colleague, a business contact) when the correspondence is actually from a cybercriminal. The message can require a username and password for an account, request information about the transfer, or simply instruct the recipient to click a link or open an attachment.

Cyber ​​criminals know that executives, administrators, teachers, and students are easy targets. While we wish it were different, this is uniquely true in the wake of the global coronavirus pandemic, when people in educational ecosystems are distracted, stressed, or exhausted and therefore more prone to clicking a phishing email.

The Importance of Phishing Awareness in the Education Sector

Phishing attacks can decimate education-oriented groups. Previously, cyber criminals would get away with financial information, biometric data, academic progress reports, behavioral and disciplinary information, medical information, and other sensitive data. Ultimately, this has led to financial theft, identity fraud, and other forms of worrying cybercrime. When phishing attacks are successful, the entire educational community of a given school is at risk.

The average school employee processes an enormous amount of data; whether it is behavioral information, financial information, or attendance data. The average employee probably handles more than 10,000 emails a year. With the number of communications and the volume of data swirling across the Internet, phishing awareness and protection are key to maintaining a reputable and functional school environment.

What’s happening

In early June, the UK’s National Cyber ​​Security Center (NCSC) warned that cyberattacks in the education sector were increasing rapidly. Top of your list of threat vectors? You guessed it – phishing.

A few weeks later, US education advocates campaigned for additional cybersecurity funding to improve cybersecurity in public school districts. Federal funding could have a wide reach, protecting millions of individuals and thousands of organizations.

Research and policy are important tools in combating cyber threats, including phishing. However, when it comes to preventing phishing attacks, individuals at all levels of the education sector have a role to play. From superintendents to administrators to teachers and students, there are fundamental concepts that must be considered in order to reduce the risk of a successful phishing attack in an institution.

7 Phishing Awareness and Anti-Phishing Tips for the Education Sector

1. Think before you click
   Do you know the child’s proverb for crossing streets: “Stop, watch and listen”? The saying is strangely applicable to the way teachers and students might want to think about opening emails from unknown senders. Stop to evaluate the email. Is the salutation strange? Does the url look wrong? Is anyone asking about access to a specific account you are using? Take a close look at the email. Are you sure everything looks fine? Listen to your gut. Maybe you should call the school administration to make sure they sent you this email and not the impersonator.
2. Train your students
   Create a fun and enjoyable lesson about phishing. Depending on the age of your students, you may want to explain that this is an online form of “stranger”. Also explain that students should avoid clicking any suspicious links or unexpected, strange-looking attachments. Show them specific examples of how threat actors often treat email.
3. Tell the parents
   If you are working with K-12 students who may need home help from their parents or guardians with online learning, your organization may want to proactively provide parents with information on how to detect a phishing threat. It takes a village.
4. Invest in anti-phishing tools
   Roughly speaking, 80% of cybersecurity incidents are related to phishing attacks. Strong anti-phishing technologies, including tools that can be automatically updated, make phishing prevention easier. Look for email security solutions with malware detection capabilities, speech processing techniques, and click analysis.
5. Endpoint security
   Sound like a nap? Your laptop is an endpoint. Your phone is an endpoint. Your students’ iPads are endpoints. Cyber ​​attackers can try to use phishing attacks, either directly or indirectly, to attack endpoints. Endpoint-focused cybersecurity solutions can quickly identify and fix malware issues that traditional email / phishing defenses may not detect.
6. Firewall security
   Are you a fan of medieval history? Yes, the flamethrowers once defended the castle with physical firewalls. In modern times, digital firewalls can protect your virtual campus.
7. Cyber ​​security expertise
   Make sure your institution or organization works with IT administrators who have cybersecurity expertise. Skeletal IT staff with limited cybersecurity skills may not be enough. Consider opening new roles in cybersecurity, such as: B. some public sector groups [1] are there.

Summary

85% [2] of companies say employees accidentally disclosed sensitive information to phishers and social engineers. The best ways to fight phishing scams are to raise awareness about phishing, implement a robust suite of powerful cybersecurity technologies, and make sure you use IT professionals to monitor and audit computer systems. Stay Cyber-Safe and Phishing-Free!

References:

[1] After a phishing attack, Cobb County strengthens its cyber defense

[2] What you need to know about phishing