Mobile devices in education have opened doors to students and teachers alike. While 1:1 initiatives and other tools intended to mobilize education have brought many benefits, they’ve also brought very real concerns about internet safety for students.
Bad actors may see non-technical users like students and teachers as soft targets for scams, and cybercriminals will likely take advantage of the fact that young people are less likely to monitor their identity actively for signs of a data breach.
Teaching and enforcing email security best practices can help students and teachers keep your school secure by defending against mass phishing campaigns and targeted social engineering.
Why internet safety for students matters
According to the 2019 Verizon Data Breach Investigations Report, 35 percent of data breaches in education are caused by miscellaneous human errors. These can occur because educators and administrators are often unaware of security best practices. For example, administrators at two major higher education institutions recently exposed sensitive student data inadvertently by sharing unencrypted spreadsheets.
While insiders pose the biggest risk to a school’s network, bad actors aren’t far behind. The second and third most common security threats in education involve attacks against web applications, including phishing and social engineering. To counter all of these, it’s crucial that you teach internet safety to students.
One out of four education sector data breaches last year involved web application attacks. Most commonly, phishing requests redirected users to phony login pages to steal their credentials. Bulk phishing email campaigns are also a common tool for spreading malware across school networks, according to The K-12 Cyber Incident Map.
Targeted social engineering (especially spear phishing attacks) resulted in the theft of “hundreds of thousands or even millions of dollars” last year, writes The K–12 Cybersecurity Resource Center. Hackers are “spearing” victims with emails that are targeted to specific educators, administrators, or students. Recently, hackers targeted K-12 school payroll departments in Ohio with emails disguised as requests from school principals.
Baseline mobile security for schools
Schools face some unique challenges regarding email security best practices, especially compared to corporations—you can’t just enforce a strict acceptable use policy. 1:1 mobile initiatives demand ease-of-access for employees and students, and mobile devices are frequently connected to unsecured Wi-Fi networks, as students do homework at home, in coffee shops, or elsewhere.
To tighten your defenses against the rush of web application attacks, the Verizon DBIR recommends stronger password security. Stolen credentials comprised 53 percent of sensitive data taken from educational institutions in 2018. Turn off IMAP settings and implement two-factor authentication (2FA) to ensure would-be wolves can’t run wild in your network if someone logs into a copycat cloud login page.
VPNs can protect students and administrators from the risks of unsecured home Wi-Fi networks. VPN solutions for education should balance ease-of-use with security to ensure that administrators, teachers, and students don’t develop workarounds.
Finally, cloud solutions for endpoint management can enable smarter network management and detect vulnerabilities on mobile devices. Consider tools that can segment and isolate endpoints if a compromise is detected to prevent the spread of malware.
6 internet safety for students tips
Internet safety for students and teachers is crucial. While spear phishers and other bad actors may view your users as easy targets, you can promote security best practices to make sure your people are prepared. Your active education campaigns should be tailored to the realities of mobile device security and the rush of web application attacks.
Remind your users to:
- Be cautious about opening attachments on emails from people they don’t know
- Be skeptical if a teacher or staff member requests private information like passwords via email
- Read URLs from right to left on mobile to check the last address for the true domain
- Avoid logging in to any website that doesn’t employ the https protocol
- Exit and report any URL that begins with an IP address
- Verify identities and requests for personal information in person or with a phone call
The education industry faces unique cybersecurity challenges on the road to mobile adoption. With innovative cybersecurity solutions that balance ease-of-access and protection, you can guard against hackers targeting schools.