Searching for "cybersecurity"

Cybersecurity Risks in schools

FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks

By Tina Nazerian     Sep 14, 2018

https://www.edsurge.com/news/2018-09-14-fbi-warns-educators-and-parents-about-edtech-s-cybersecurity-risks

The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.

In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.

Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.

“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”

According to Vance, a better approach might involve encouraging parents to have conversations with their children’s’ school about how it keeps student data safe.

++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

human nature cybersecurity

Keynote: Cybersecurity Awareness Is Dead! Long Live Cybersecurity Awareness!

Tuesday, August 21 | 12:05pm – 12:30pm ET |

https://events.educause.edu/special-topic-events/webinar/2018/encore-selections-from-the-educause-security-professionals-conference-2018/agenda/keynote-cybersecurity-awareness-is-dead-long-live-cybersecurity-awareness#_zsJE1Le1_zlSvd65

Far too often, cybersecurity awareness-raising training fails to account for how people learn and proven ways to change behaviors. The cybersecurity community too easily falls into the trap of thinking that “humans are the weakest link.” In this talk, Dr. Jessica Barker will argue that, if humans are the weakest link, then they are our weakest link as an industry. With reference to sociology, psychology, and behavioral economics, as well as lessons from her professional experience, Jessica will discuss why a better understanding of human nature needs to be a greater priority for the cybersecurity community.

Outcomes: Explore how we can apply knowledge from other disciplines to improve cybersecurity awareness-raising training and communications * Understand where the cybersecurity industry can improve with regards to awareness, behavior, and culture * Develop ideas to improve how you communicate cybersecurity messages and conduct awareness-raising training

++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cybersecurity threats for schools

The top 5 cybersecurity threats for schools

BY EARL D. LAING November 29th, 2017
https://www.eschoolnews.com/2017/11/29/cybersecurity-threats-schools/

1. Link Security

From ransomware to phishing and other types of security breaches, direct contact is the number one way that you can create a vulnerability in your system. Those who commit these online crimes are finding smarter and sneakier ways to infiltrate your data every day. Sometimes the attack can even come as an email from a legitimate sender, or appear to be a perfectly normal message on social media. The goal is usually to get you to click on a link.

Solution: Make sure the security preferences for your email account(s) are set up to filter spamming, phishing and executable files that aren’t recognized.

2. Unknown Devices

Solution: Your IT system should include a solution that tracks all devices, including those not owned by your school, that enter the network.

3. Out of Date Technology

Contrary to popular misconception, user interaction isn’t always required for a cyber attack to be launched. The WannaCry attack targeted hundreds of computers all with the same security vulnerability on their Windows operating systems.

Solution: Again, an IT solution that tracks all devices is important, but one that can also check on software upgrades and block access to certain apps is ideal.

4. User Error

A data breach in Florida is just one example of the chaos user error can provoke. This issue didn’t begin with hackers at all. It began with carelessness that caused sensitive information to become public.

User error occurs regularly, and a common root of this is failing to restrict access to files or certain sites that may be compromised.

Solution: Restrict user access to sensitive documents only to those who absolutely need them, and make sure that your site architecture is set up to require a secure login for access. You may also want to create a white list of safe sites and applications and block the rest.

5. No Backup

As disheartening as it sounds, even when you take all the necessary precautions to protect your vital information, data breaches can still occur. When an attack happens, it’s often a major blow to productivity to try and get all the information back into a secure place. Worse, vital work can be lost for good.

Solution: Install a backup system on each school device that sends data to a remote server throughout the day (not just at night) to help make sure nothing is lost.

+++++++++++++++
more on cybersecurrity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cybersecurity kaspersky

Kaspersky Lab Has Been Working With Russian Intelligence

 Emails show the security-software maker developed products for the FSB and accompanied agents on raids. July 11, 2017, 4:00 AM CDT 
https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence

WHY THE US GOVERNMENT SHOULDN’T BAN KASPERSKY SECURITY SOFTWARE

  09.04.17

https://www.wired.com/story/why-the-us-government-shouldnt-ban-kaspersky-security-software/

he General Services Administration (GSA) has ordered the removal of Kaspersky software platforms from its catalogues of approved vendors. Meanwhile, the Senate is considering a draft bill of the 2018 National Defense Acquisition Authorization (known as the NDAA, it specifies the size of and uses for the fiscal year 2018 US Defense Department budget) that would bar the use of Kaspersky products in the military.

W.H. cybersecurity coordinator warns against using Kaspersky Lab software

https://www.cbsnews.com/news/kasperksy-lab-software-suspected-ties-russian-intelligence-rob-joyce/

Kaspersky: Russia responds to US ban on software

14 September 2017 http://www.bbc.com/news/world-us-canada-41262049

 +++++++++++++++

KASPERSKY, RUSSIA, AND THE ANTIVIRUS PARADOX

 10.11.17

https://www.wired.com/story/kaspersky-russia-antivirus/

Israel and Russia’s overlapping hacks of Kaspersky complicate espionage narrative

Israel and Russia’s overlapping hacks of Kaspersky complicate espionage narrative

The whole ordeal is a nightmare for Kaspersky Lab. The company looks incompetent at preventing state-sponsored hacks in the best-case scenario and complicit with the Russian government in the worst-case scenario. However it plays out, the unfolding drama will certainly hurt the software maker’s footprint in the U.S., where Congress has already taken action to purge the government of the company’s software.

+++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

wifi cybersecurity

All wifi networks’ are vulnerable to hacking, security expert discovers

WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers, highlighting potential for internet traffic to be exposed

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.

+++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

girl scouts, badges for cybersecurity

Girl Scouts to Earn Badges in Cybersecurity

The education program is being developed in a partnership between the Girl Scouts and Palo Alto Networks. Jun 23, 2017

https://securitytoday.com/articles/2017/06/23/girl-scouts-to-earn-badges-in-cybersecurity.aspx

The education program, which aims to reach as many as 1.8 million Girl Scouts in kindergarten through sixth grade, is being developed in a partnership between the Girl Scouts and Palo Alto Networks, a security company, the organization said in a press release.

++++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cybersecurity and students

You’ve Been Hacked! Explaining Cybersecurity to Students in an Interconnected Era

By Jacob Batchelor 06/01/17

https://thejournal.com/articles/2017/06/01/youve-been-hacked-explaining-cybersecurity-to-students-in-an-interconnected-era.aspx

Here’s an easy way to explain IoT hacks to students:

  • A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
  • The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
  • The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.
  • Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
  • Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
  • Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
  • Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.

a few tips that students can use to protect their privacy while using smartphones:

  • Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
  • Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
  • Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
  • Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.

++++++++++++++
more on hackers in this IMS blog
http://blog.stcloudstate.edu/ims?s=hacker

cybersecurity grants

Grant program would support state, local cybersecurity

By Mark Rockwell Mar 02, 2017

https://fcw.com/articles/2017/03/02/state-cyber-bill-rockwell.aspx

The proposed legislation, said the lawmakers, would set up a cybersecurity grant program that would provide resources for states to develop and implement effective cyber resiliency plans, including efforts to identify, detect, protect, respond, and recover from cyber threats. It also would encourage development of a stronger cybersecurity workforce.

++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

master program on cybersecurity

Berkeley Launches Online Master of Information and Cybersecurity

By Joshua Bolkan 11/16/16

https://campustechnology.com/articles/2016/11/16/berkeley-launches-online-master-of-information-and-cybersecurity.aspx

The University of California, Berkeley’s School of Information (I School) has tapped a private partner to help launch a new online program, Master of Information and Cybersecurity (MICS).

Dubbed cybersecurity@berkeley, the new program was developed in collaboration with the university’s Center for Long-Term Cybersecurity and College of Engineering.

The 27-unit course will use 2U’s online learning platform for live, weekly meetings. Between sessions, students will have access to interactive content designed by MICS faculty. Students will also have the opportunity to visit campus to meet faculty and classmates and attend lectures and workshops curated specifically for students in the program.

++++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

millennials and cybersecurity

Survey: Growing Interest in Cyber Security Careers Among Millennials

By Leila Meyer 10/12/16

https://campustechnology.com/articles/2016/10/12/survey-growing-interest-in-cyber-security-careers-among-millennials.aspx

new report from Raytheon and the National Cyber Security Alliance

The report, “Securing Our Future: Closing the Cybersecurity Talent Gap,” surveyed 3,779 adults aged 18 to 26, from 12 countries around the world, including the United States, Australia, the United Kingdom, and countries in Europe, Asia and the Middle East.

a high-paying career as a cyber security professional requires skills millennials value, such as problem solving, analytical thinking and communication — and employment opportunities are available across a wide variety of sectors, including start-ups, government and hospitals.

Key findings from the report:

  • 64 percent of young adults in the U.S. heard about cyberattacks in the news last year, up from 36 percent the previous year, and compared to 48 percent of young adults worldwide;
  • 70 percent of millennials in the U.S. said cyber security programs or activities are available to them, up from 46 percent the previous year, and compared to 68 percent worldwide;
  • 21 percent of young men expressed interest in cyber competitions, compared to 15 percent of women;
  • 48 percent or respondents said more information about the specifics of cyber security jobs would help increase interest;
  • 59 percent of young men and 51 percent of young women received formal cyber safety lessons in school, up from 43 percent and 40 percent respectively last year; and
  • 40 percent of respondents said parents are the most influential people helping them with career advice, and 19 percent said no one was influential in helping them with career advice.

++++++++++++++++++++++++
more on cybersecurity in this blog

http://blog.stcloudstate.edu/ims?s=cybersecurity

1 2 3 5