Introduction:
Global education groups and the people who support them are increasingly at-risk of flummoxing phishing attacks. Phishing attacks have increased worldwide across the past year. Within the education sector, more than 40% of all cyber attacks occur due to phishing.
After a phishing attack, an educational institution may see spectacular costs. In textbook cases, attacks can run anywhere from $100,000 in remediation expenses to as much as $4.77 million.
Unlike traditional business groups, the education sector is largely under-funded, and as a result, the idea of investing in cyber security can be a tough-sell. But as many as 71% of education sector organizations state that they’re unprepared to defend against hackers. What should you do?
If you’re interested in phishing prevention for your institution, here are cyber security concepts and best practices, provided to you by cyber security experts.
For institutions:
1. Inform everyone about phishing and other forms of social engineering. Consider hosting a luncheon, where an IT staff member can answer questions about what to look for in identifying a phishing attack, and what to do if an individual accidentally clicks on a malicious link. You can also host special cyber security awareness workshops, leveraging video content, polls, and other interactive, engaging teaching methodologies.
2. Ensure that you have enough IT personnel and that you know how to reach them. The cyber security skills shortage, combined with budget cuts and financial conservativism, mean that many institutions are operating with skeleton staffing. If it’s Friday at 4pm, Miguel is away on vacation, and a cyber attack hits, what should you do? In preparation for a potential cyber emergency, ensure that you can easily get in-touch with your cyber security managers.
You may also want to write down important phone number and email addresses on paper and to store this information in a hidden location. Should a cyber attack strike, networks may be disabled, and your organization’s internal, electronic employee management system may fail. Analog information management could be of help.
3. Implement anti-phishing technologies. Investing in and implementing anti-phishing tools can help sort malicious emails from safe ones. Look for anti-phishing tools that are low-maintenance and that auto-update. An email security set-up that quickly detects dubious content is key. Obtain a solution that includes language processing techniques and that can offer click-through analysis. Ensure that you stop potential threats before they reach your professors or teachers, staff and students.
4. Inform everyone about how to report suspicious emails. The majority of phishing attacks target multiple people simultaneously, although instances of “spear phishing” (a single target) can occur. In the event that people perceive themselves as recipients of suspicious emails, people need to know how this information should be reported. If an IT/security team learns about the threat from your internal community, they can potentially take action to delete malicious emails before a high volume of people click. Malware removal and password resets may also be possible for potentially compromised persons.
For students:
1. Tell your friends about phishing attacks. Phishing fraudsters attempt to deviously dupe people into clicking on malicious links or attachments. These scams are often clever and creative, taking a variety of different forms. The pretexts for emailing you will range in nature. A new Amazon Prime deal? A medical insurance form? An email about a debt due to the bursar’s office may in fact be a scam. If you have questions about the legitimacy of an email, and you’re familiar with the sender, contact them by phone to follow-up. Be polite and professional.
2. Avoid reusing passwords. Hackers sometimes conduct what are known as “password spraying” attacks, where they use artificial intelligence and machine learning tools to test out millions of different password combinations against your accounts. If they find that a password works in one instance, they may also attempt to use it to gain illicit access to your other online portals. While you might not think that you store hugely sensitive data in any of your online accounts, you might be surprised regarding the types of information that hackers are after.
Cyber criminals break into accounts to gain names, phone numbers, email addresses, and other really boring, seemingly useless info. In some cases, this info can be sold on the dark web for a profit. The bottom line—Avoid reusing passwords.
3. Skip the easy passwords. Most millennials and gen-Zers know that memorizing a million different complex password combos is difficult. As a result, people plug in passwords that involve street addresses, the names of friends, family members or pets, or they use phone numbers. Determined, professional-level cyber criminals know this, and may take the time to dig up personal data about you in order to use that information as part of an attempt to break into your accounts. For this reason, you should create passwords that you can easily memorize (example: ilove3Musketeersbars), but that aren’t easily guessed.
4. Report scams. Feel like hackers are taking you for a loop? Learn about how to report suspicious cyber events to administrators or other pertinent personnel within your organization. Reach out for information, if it’s not readily available. A lazy approach to cyber security could jeopardize everyone. In the event that you really have experienced a fraudulent event, reporting it will help prevent similar incidents among others within your community.
5. Consider security for your cell phone. Cyber attackers commonly use a variety of different tactics to tempt users, including text messages. More than 4 billion people are connected to smart phones. However, organizations and individuals often fail to prioritize mobile device security. Consider a simple, affordable and reputable cyber security solution for your phone.
For everyone:
Preventing phishing attacks is imperative for all persons involved in the education sector. Take a comprehensive approach. Adopt an attitude of awareness, and if possible, implement the right cyber security infrastructure. Keeping secure can be the difference between successful learning outcomes and learning losses. Limit your liabilities and eliminate potential threats. Phishing prevention is a collective endeavor and everyone needs to play their part.