3 Reasons Why Open Dialogue on Cybersecurity is Vital for Educators in the Distance Learning Era
By Andrew Homer
October 15, 2020
Students and teachers may be back in school now, but things are not as they were before. That is especially true when it comes to today’s substantially heavier reliance on technology to stay connected. Although schools are adapting to the new normal of remote learning, so are cyber attackers who are taking advantage of the status quo. The prevalence of third-party technology vendors presents ample opportunity for threat actors to infiltrate these systems and exploit their security flaws, especially given the reliance on collaboration applications, which have proven to be less hardened. Morphisec Labs researchers discovered one such flaw in the Zoom application that enabled threat actors to record Zoom sessions unbeknownst to participants.
Cybersecurity defenses have started to evolve to our new normal, but so have threat actors who are not afraid to play dirty. Back in September, The Wall Street Journal reported on a particular incident where one or more hackers had “published documents containing Social Security numbers, student grades and other private information from a large public school district in Las Vegas after officials refused a ransom.” The Clark County School District (CCSD) released a report detailing the attack. It claimed that the breach resulted from a “criminal ransomware attack” and that “they were investigating” alongside law enforcement to determine what personal data was at risk.
Several CCSD teachers told @kylagaler their classes were hacked.
"The best recommendation is to… tell [students] do not share this link and then also perhaps requiring the participants to use their real names," a cybersecurity expert said. https://t.co/R5tPsotseq pic.twitter.com/T4r5lqscK8
— FOX5 Las Vegas (@FOX5Vegas) August 26, 2020
Distance Learning Has Ushered in More Opportunities for Cyber Criminals to Strike
Unfortunately, at this point, the toothpaste was already out of the tube. Although the hackers did not receive the ransom they requested, multiple teachers and students’ privacy was permanently violated. And while the CCSD claim they had plans to review their current policies and promised to implement safeguards, their list does not go far enough in terms of communication. Given the current scenario, it’s vital for teachers, students and other school officials to be more vigilant and play their role in cybersecurity.
Although cybersecurity isn’t a standard form of the curriculum in schools, educators and administrators need to realize that we’re not living in ordinary times and need to take more proactive measures to prevent it. Terms like “ransomware,” “phishing,” and “spoofing” should have meaning to teachers, students, and even parents, so they know what to look out for and how to respond appropriately. While schools can invest in more proactive advanced threat protection, fostering dialogue among schools around cybersecurity and teaching the importance of cyber hygiene is not only a cheaper option; it’s imperative in the distance learning era.
Here are three tips for fostering dialogue on cybersecurity and the importance of collaboration to promote healthy cyber hygiene.
IT and Educators Need to Stay Remotely Connected
An IT department’s role in the education space is monumental but often in the background and overlooked. Their role goes well beyond just being the people you call when your equipment or computer acts up. However, it wasn’t until schools shifted to remote learning when faculty and administrators realized how important it was to have an easily accessible IT department. Morphisec’s Education Cybersecurity Threat Index, which surveyed 500 teachers and administrators across the U.S. in July 2020, revealed that when asked how COVID-19 and distance learning has impacted cybersecurity at their school or institution, over one-third say the most significant impact was that it forced their IT teams to work remotely.
This finding is problematic in two ways. First, cybersecurity has traditionally been a problem for many schools even before the conversion from in-person classes to remote learning. In fact, Morphisec found that more than one-third (34%) of educators at colleges and universities, and 26% of K-12 educators, say their institution has historically been the target of a cyberattack. Secondly, 69% of educators claim they’re now using video tools to improve their teaching and productivity as they move to distance learning.
The glaring issue with this is as the proliferation of third-party technology in the classroom continues, threat actors will have more outlets to infiltrate and cause damage without an easily accessible IT team to come to the rescue. Considering over half (52%) of K-12 educators in the U.S. say their school has not warned them about the dangers of ransomware, a lack of communication can have a devastating impact on schools.
Educators Need to do What They do Best — Educate
Although it’s essential for there to be established communication channels between IT and educators, the same knowledge needs to be imparted on students utilizing third-party applications in the virtual classroom. While this is not a call for higher education or K-12 schools to establish cybersecurity as part of their curriculum, students need to be aware of the potential threats they could face in cyberspace. Zoombombing, a recently popular form of trolling where individuals can use Zoom’s screen sharing feature to blast other viewers with any content they choose, has continued to plague users of the video chat tool. Of course, this form of trolling is an unnecessary danger for all schools, but with K-12 specifically, it can be especially devastating given the students’ young ages.
Hackers target students during a Zoom virtual class. Students left in tears. #Zoombombings are becoming more common. Zoom askes if you experience a zoombombing call law enforcement and notify zoom. #zoomclass https://t.co/F8nWoM0aWa
— ISSA Raleigh, NC (@RaleighISSA) October 13, 2020
Additionally, with more messages and files being exchanged virtually, how does a student know if the email they received from their principal is actually from their principal? Unfortunately, considering 29% of educators are unsure if their school or education institution has ever been the target of a cyberattack since the onset of COVID-19, one could only imagine how in the dark students are when it comes to cybersecurity.
The use of personal computers for remote learning isn’t exactly uncommon among college students. However, for many K-12 students, they’re forced to use their personal computers where the type of cybersecurity defenses installed could be anyone’s guess. Interestingly enough, only 7% of respondents say they have concerns over a cyberattack shutting down their online teaching ability. When we asked educators their most significant problem with shifting to teaching students entirely online, almost half (49%) say their situation is driven by their desire to ensure students are engaged and actively learning in full-time virtual learning.
For K-12, Make Sure Parents Are in The Loop
Although the 1974 Buckley Amendment prohibits teachers at higher education institutions from sharing a student’s records with their parents, teachers at K-12 schools would be wise to keep parents in the loop related to their kid’s cybersecurity. Even though one-third (33%) of educators note that COVID-19 has mandated more dialogue on cybersecurity with parents and students, that number is still insufficient.
And even though educators should do their best to communicate proper cyber hygiene, the bottom line is that those students spend more time with their parents using their electronics. Getting parents involved and teaching them the importance of conducting proper cybersecurity practices to their kids will help instill those practices and help students from beyond the classroom.
However, teachers don’t necessarily have to teach parents about cybersecurity the same way they teach it to their children — they just need to be sure to put cybersecurity on parents’ radar. While you monitor what apps and games your toddler accesses, it might be harder to keep an eye on teens and their online activity. More screen time can come with a price. This is why it’s essential to teach your young ones about their digital profile and how they can stay safe while perusing the web – and the sooner, the better.
Parents should also be aware that resources out there can help them teach their kids about cybersecurity even outside the classroom. The Center for Internet Security (CIS) has provided 6 Educational Resources for Kids, a curation of the best cybersecurity resources available for kids of every age to keep them entertained, educated, and safe. By fostering this kind of dialogue, the risks of being targeted by cyberattacks are severely reduced.
Andrew Homer is the VP of Security Strategy at Morphisec.