Malware, Phishing, Hacking, Ransomware – oh my! Learn about the threats to you, your users and your library. During this session, we will explore the threats to online security and discuss solutions that can be implemented at any level. Most importantly, we will look at how we can educate our users on current threats and safety
This is why security keys, not SMS, is the proper second-factor authentication. (App authenticators are better than SMS but still prone to phishing). Some young one may well have walked into a store saying “hi, I’m Jack Dorsey” with a fake-crap ID and got away with his account. https://t.co/PR0VPT4y63
School administrators and IT staff can be super-vigilant, but the hackers are getting better and better at sneaking through security.
the most common cybersecurity threats, and how can school staff avoid them?
Eavesdropping / Man-in-the-Middle (MiTM) Attacks
What they are:It’s likely that you sometimes use a school laptop or mobile device to gain internet access via Wi-Fi networks in public places like coffee shops or airports. If so, be aware that there may be hackers eavesdropping to try and gain entry to any two-party exchange you make so they can filter and steal data.
How to avoid them:Always use a school-verified SIM card, dongle or VPN(virtual private network) to access the internet in public places.
Social Engineering Attacks
According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is delivered via email, often referred to as social engineering attacks. The aim is to interact with the user and influence and manipulate their actions to gain access to systems and install harmful software. Malware uses various guises. Here are some of the most common:
“They do plan,” said a senior Obama-administration official. “They’re not stupid at all. But the idea that they have this all perfectly planned and that Putin is an amazing chess player—that’s not quite it. He knows where he wants to end up, he plans the first few moves, and then he figures out the rest later. People ask if he plays chess or checkers. It’s neither: He plays blackjack. He has a higher acceptance of risk. Think about it. The election interference—that was pretty risky, what he did. If Hillary Clinton had won, there would’ve been hell to pay.”
Even the manner of the Russian attack was risky. The fact that the Russians didn’t really bother hiding their fingerprints is a testament to the change in Russia’s intent toward the U.S., Robert Hannigan, a former head of the Government Communications Headquarters, the British analogue to the National Security Agency, said at the Aspen Forum. “The brazen recklessness of it … the fact that they don’t seem to care that it’s attributed to them very publicly, is the biggest change.”
From ransomware to phishing and other types of security breaches, direct contact is the number one way that you can create a vulnerability in your system. Those who commit these online crimes are finding smarter and sneakier ways to infiltrate your data every day. Sometimes the attack can even come as an email from a legitimate sender, or appear to be a perfectly normal message on social media. The goal is usually to get you to click on a link.
Solution: Make sure the security preferences for your email account(s) are set up to filter spamming, phishing and executable files that aren’t recognized.
2. Unknown Devices
Solution: Your IT system should include a solution that tracks all devices, including those not owned by your school, that enter the network.
3. Out of Date Technology
Contrary to popular misconception, user interaction isn’t always required for a cyber attack to be launched. The WannaCry attack targeted hundreds of computers all with the same security vulnerability on their Windows operating systems.
Solution: Again, an IT solution that tracks all devices is important, but one that can also check on software upgrades and block access to certain apps is ideal.
4. User Error
A data breach in Florida is just one example of the chaos user error can provoke. This issue didn’t begin with hackers at all. It began with carelessness that caused sensitive information to become public.
User error occurs regularly, and a common root of this is failing to restrict access to files or certain sites that may be compromised.
Solution: Restrict user access to sensitive documents only to those who absolutely need them, and make sure that your site architecture is set up to require a secure login for access. You may also want to create a white list of safe sites and applications and block the rest.
5. No Backup
As disheartening as it sounds, even when you take all the necessary precautions to protect your vital information, data breaches can still occur. When an attack happens, it’s often a major blow to productivity to try and get all the information back into a secure place. Worse, vital work can be lost for good.
Solution: Install a backup system on each school device that sends data to a remote server throughout the day (not just at night) to help make sure nothing is lost.
Based on my experience in Tallinn, we will see companies become more transparent in how they deal with cyber attacks. After a massive cyber attack in 2007, for example, the Estonian government reacted in the right way.
My note: I listened to the report in my car yesterday. It is another sober reminder for being proactive rather then reactive (or punitive). We must work toward digital literacy and go beyond that comfortably numb stage of information literacy.
An Experiment Shows How Quickly The Internet Of Things Can Be Hacked
We have basic security in place in modern devices that screen out the most obvious attacks. Really getting phished, if you will, is more of a problem where you are tricked in surrendering your password or username to a common service. If you plug in your webcam into your router or to your Wi-Fi, you’re relatively safe.
I think the biggest security concern for folks at home would be if their router actually is old, it might have an easily guessed password that someone could gain control. Most modern devices don’t have that problem, but that certainly is a concern for older devices.
It’s become increasingly common for hackers to sell compromised streaming accounts for services like Netflix, HBO, and Spotify on the dark web — a section of the internet only accessible from a special web browser. These account passwords are often recovered from phishing attempts, a hacking method that involves tricking someone into giving up their account info to what appears to be a legit source.