Presented by Larry Larsen, Director of Cyber Security, Apple FCU
As I often say in my presentations and training classes, Cyber Security is everyone’s responsibility these days, and with students returning to school soon, it’s even more important to make sure they’re safe in the digital world.
With the majority of students, especially those in high school and college, using multiple mobile devices, the opportunities for cyber threats are more abundant than ever before. Laptops, tablets, and smartphones are all treasure troves of personal data that criminals would love to get their hands on.
Late in 2018, the FBI’s Internet Computer Crimes Center (IC3) distributed a Public Service Announcement that outlined the types of data that are at risk for misuse in the average educational environment:
- Personally identifiable information (PII) – Full name, address, Social Security Number, and other data that can be used in identity theft activities;
- Biometric data – Fingerprints and face scans used to access mobile devices;
- Academic progress – Grades and other records that can be manipulated;
- Behavioral, disciplinary, and medical information – Medical data is especially dangerous in the wrong hands, and this other information can be manipulated to falsify records;
- Web browsing history – Can be used for cyberbullying or extortion;
- Students’ geolocation – Physical locations can be used by stalkers or other threat actors;
- IP addresses used by students – These can be used by hackers to target students; and
- Classroom activities – The student’s class schedules and locations are also valuable to criminals.
The sad truth is that many colleges and school systems have computer networks more focused on the sharing of information and data, instead of locking it down and keeping it secure. Cyber criminals know this, and take advantage of it frequently, either to collect data for future crimes or as a place to store their tools and launch their attacks.
In order to reduce the risk of your student’s information being compromised at school, IC3 has some tips to consider, including:
- Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to education technology services.
- Conduct research on parent coalition and information-sharing organizations which are available online for those looking for support and additional resources.
- Research school-related cyber breaches which can further inform families of student data vulnerabilities.
- Consider credit or identity theft monitoring to check for any fraudulent use of their children’s identity.
While students and parents cannot control the security posture of a school’s information networks, we can make sure the devices themselves are configured to minimize the threat of cyber crime.
Laptops should be running the latest version of their operating system (Windows, Android, etc.), and have robust anti-malware software installed and running, with updates set to automatically install. They should also have their firewall enabled.
Smartphones and tablets should have a personal Virtual Private Network (VPN) installed to protect Internet connections and prevent digital eavesdropping.