Aug 13Students, Teachers and Administrators Have a Lot to Learn about Cybersecurity This Semester — And There’s No Better Instructor than ThreatMetrix
More Mobile Devices, More Online Courses, More Student Online Data Storage and More Online Testing Mean More Cybercriminals are Looking to Cash in This Fall
“As students of all ages head back to school, they’ll most likely arrive with mobile devices in hand and on top of that many will receive tablets directly from school” said Alisdair Faulkner, chief products officer, ThreatMetrix. “However, increased device usage leads to an immense amount of sensitive information shared online and many students aren’t aware that online and mobile activities expose that information to cybercriminals.”
Following are the top risks for students with mobile devices to be aware of:
- iPhone 6 with Apple E-Wallet – If the rumors are true, the newest iPhone will come equipped with an “e-wallet” that lets users pay for goods in-store with their iPhones. This will make the iPhone 6 a much bigger target for cybercriminals because the iPhone will not only hold users’ credit card data, but sensitive material such as passwords and banking info. Those who upgrade to the iPhone 6 will have to take extra care.
- Malicious Links and Apps – Often to save money, students (and others) will download unauthorized apps from third-party sources. These downloads are prime hiding places for malware that can offer cybercriminals easy access to personal information stored on the devices. Additionally, students should be aware of malicious links offering free textbooks or test answers and “too good to be true” links. In short, they should only click on links and download apps from trusted sources.
- Online Storage – Many students have not only their schoolwork and assignments stored with companies like Dropbox, they also use it for sharing photos and videos. While password protection isn’t foolproof, students and others should always use complex passwords and make them unique to each site.
- Public Wi-Fi Networks –With public Wi-Fi widely available these days, many students will choose to complete their work in coffee houses or libraries over public networks – but those networks are only as secure as their weakest link. Students should avoid online banking activities and accessing other sensitive information over public networks, such as student portals with their tuition information.
- Jailbroken Devices – Tech savvy students want access to the most personalized features, often prompting them to jailbreak their smartphones or even their school-provided tablets. This usually means deactivating a device’s security to download unauthorized applications and customized features. However, jailbreaking devices comes with consequences that students often ignore, such as downloading malicious apps.
Educational institutions are under threat of attack when students access online educational portals with infected jailbroken devices. Therefore, institutions should consider implementing a platform that can detect jailbroken devices to protect stored data such as student identity and tuition information, as well as denying access to students using jailbroken devices.
“While many of the security risks associated with going back to school this year fall onto students, educational institutions must also take steps to protect students from threats beyond their personal devices and activities,” said Faulkner. “Schools are incredibly concerned with their students’ success and well-being, but often don’t see how that translates to their online activities. Unfortunately, if a cybercriminal accesses a student’s information through an educational institution’s online portal, the results of that can be catastrophic to that student and their future.”
As schools shift everything from administering tests, lesson plans and student data online, they must ensure that none of this information can be accessed by cybercriminals. Educational institutions should be aware of risk associated with:
- Online Student Data – In February, the University of Maryland was the target of a sophisticated attack that exposed the sensitive information (including names and Social Security numbers) of more than 200,000 students who enrolled at the university between 1998 and 2014. As the largest debt asset fund in the country, U.S. colleges and universities are a massive target for cybercriminals. Because of this, schools must take measures, such as implementing advanced fraud prevention and context-based authentication to differentiate between legitimate students and potential cybercriminals to ensure their online student records are secure. If students’ identities are compromised through their school records, it can have an impact that follows them throughout their lives.
- Online Test Delivery – In addition to keeping student data secure, determining whether students are who they claim to be when taking online tests and lessons can be difficult for educational institutions. Schools should consider implementing a security solution that uses contextual factors beyond IP addresses and cookies to deter cheating or sabotage associated with online testing.
- Bring-Your-Own-Device (BYOD) –. Many students bring their laptops and tablets from home to take notes in class, take tests online and access their school’s online portal for lesson plans and activities. Educational institutions should be sure they are implementing secure BYOD policies, such as monitoring logins in real-time and ensuring no one is accessing data that should not be available to them.
It’s up to students to protect their devices and schools and universities to protect their online resources.