Remote learning, communication, and collaboration solutions have emerged as the key drivers of the quarantine economy. With solutions such as Zoom witnessing rapid adoption across the board, from educational institutions to organizations and government agencies, the cyber risks associated with virtual learning are higher now than ever.
Educational institutions are particularly vulnerable to cybercrime, considering that the average user (teachers and students) may not have received sufficient cybersecurity or cyberliteracy training. Additionally, the overnight switch to virtual classrooms and spaces has exposed these organizations to cybercrime, unlike businesses and other governmental organizations, where the rollout was calculated and measured.
“We have shifted to a completely remote culture and we’ve done it in short order. Those are the same systems that we see creating opportunities to get someone to click on a link and that link can both try to steal credentials and deploy malware. These phishing emails are links with verbiage such as ‘You have a zoom meeting.’ We’ve seen this show up in our customer base and while the techniques and the technology remain the same, the targets are different,” says Kevin O’Brien, CEO at GreatHorn.
“Let’s think about why this happens: Someone who is young, who has no credit history, and has a valid social security number is an incredibly lucrative target for a financial theft situation because you simply make it look like that person is 18 years or older or you go after a high school student and you get their credentials for an identity theft move and that information can then be used to open fraudulent bank accounts, credit cards, and other types of accounts. These people are likely not worldly enough to know to watch their credit score because they are literally children. This is a huge part of the risk today,” O’Brien adds.
Top 4 Cybersecurity Risks Facing Educational Institutions
As more states impose stay-at-home orders amid the second wave of the pandemic, remote learning is here to stay. Cybercriminals have also had sufficient time to plan and target students and teachers by deploying techniques such as phishing, ransomware, social engineering, and more. Let’s take a look at some of the major cybersecurity risks remote learning opens up:
While most educational institutions have large IT networks, their budgets do not allow for sophisticated security solutions or staff. It doesn’t help that most of these institutions follow a bring your own device (BYOD) system. With so many unknown variables, it is incredibly challenging to ascertain which devices and applications are secure and which aren’t. With remote learning, it is especially difficult to know what kids’ devices have access to and how to secure them appropriately.
This was evidenced earlier this year when the Rialto Unified School District had to suspend classes after they uncovered a malware attack. More than 25,000 students were affected as a result. FBI supervisory special agent Corey Harris said, “We want all school districts to be prepared and understand that there’s a possibility that they could be attacked.”
“With so many kids that will be conducting school virtually, that increases the risk. That opens the door for an attacker to actually compromise either the school district’s network or the kids’ computers,” he added.
Phishing and social engineering attacks also pose a major risk to schools and universities. Cyber criminals usually manipulate students, teachers, or staff members into clicking on malicious links, which gives the attackers access to the educational institute’s network and resources.
Human error is perhaps the most common gateway to phishing attacks, which is why it is critical that educational institutions provide staff and students with training to bolster cyber resilience. Institutions can also drive user awareness campaigns and hold seminars to protect their network from cyber risks. A comprehensive cyber security training program that includes simulated attacks can greatly reduce the likelihood of phishing attacks and foster a positive security awareness culture.
3. Access Open Sensitive Data
Universities and schools can be a rich source of valuable information for cyber criminals. Personal data, proprietary research, and other IPR make educational institutions a lucrative target.
We have known for years that whether you’re talking about email security, cloud security or data protection security, one of the core targets for criminals who are trying to steal information is the higher education system. And it is generally because the IP that is being used is an incredibly high value one, especially if it is a research based one that leads to patentable information that gets exfiltrated and stolen by foreign state actors and foreign companies that don’t respect copyright laws.
That information is definitely a target and it’s been a target for a long time. Some of the information is, in fact, sensitive information that might relate to nuclear research or rocketry technology, and those are targets. That type of information schools and teachers don’t want to slip out and thus it is incredibly important to protect and safeguard it.
To ensure this data doesn’t end up in the hands of cyber criminals, educational institutions must enforce access based on user identity, allowing only authorized users to access data that they need. Deploying two-factor authentication (2FA) for sensitive data or areas can also help protect against hacks and attacks.
4. Zoom Bombing
Zoom bombing is a new threat that has emerged over the past few months. Attackers typically intrude into a Zoom meeting and listen in on sensitive or personal discussions, or just cause disruption by posting pornography or laughing. Zoom bombers are more than just annoying: they can steal important information and email IDs, and record meetings or classroom sessions to trade on the dark web.
Just minutes in, we were #Zoombombed, during testimony from @SalDiDomenico. The person used both verbal and physical vulgarities. Tremendous staff of @SoniaChangDiaz and @RepKayKhan removed the individual from the hearing.
— Senator Becca Rausch (@BeccaRauschMA) April 13, 2020
Organizations and people who publicly display their Zoom meeting ID or URL expose themselves to this risk. The explosion of Zoom’s user base from 10 million daily users to 300 million in under a month makes the platform vulnerable to “gatecrashing.” While meeting passwords and enabling hosts to control screen sharing can significantly reduce the likelihood of a miscreant taking control of your Zoom classroom, cybersecurity training remains the most effective way to combat this phenomenon.
While these four cybersecurity risks might be the most popular, there are a ton of other threats that educational institutions must prepare for. Our industry-leading IT security capabilities help make virtual environments for educational institutions like schools and universities safer. Employ a solution that can help keep your school district, students, educators, and entire remote learning environment safe from cybercriminals.