Schools are doing their part to prevent the spread of Coronavirus by mandating home schooling for all students across Australia.
To do so safely, without exposing their networks and home schoolers to cyber risks, schools should follow certain best practices to make sure digital assets are just as secure as they would be on campus.
Unfortunately, cybercriminals have already started to take advantage of the pandemic. From the malware-infected Coronavirus heat map, to the phishing emails aimed at taking advantage of fearful Australians looking for answers, criminals are actively trying to capitalise on the nation’s vulnerability during this challenging time.
The risks of home schooling
Home schooling, for a portion of the nation's students, has always been a valid option in Australia. However, the current scale of remote education is unprecedented. According to some figures, previously home school numbers were around 30,000. This meant schools that enrolled distance students could manage security risks with relative ease. However, under the current situation, when the entire student population are suddenly relying on online tools at such short notice, it is very difficult for schools to prepare and adapt.
Every time a student logs onto the school network, the IT team has to monitor and secure that student’s device. When you have thousands of students logging on from different locations, this becomes an impossible task.
Another challenge is students tend to be less alert and easily distracted at home. Especially at this chaotic time, many are mixing schoolwork with other activities such as web browsing, chatting with friends, while using personal devices to do schoolwork. This increases their chance of exposure to phishing emails and fake websites. Adding to the problem is home networks typically are less secure and more vulnerable to phishing attacks.
What schools can do to minimise cyber risks
Despite the challenges, this is the optimum moment to take stock of your school’s security infrastructure for remote learning to avoid a serious security breach. School communities working and learning at home can follow these practical security steps to protect their school networks:
1. Use a reliable virtual private network (VPN)
By providing a VPN service to all staff and students where necessary, their online activities are the same as if they were sitting at school, the secured network. All traffic is encrypted and protected by the school’s local network security measures.However, it’s important to recognise that not all VPN services are created the same. Some only encrypt the data in transfer, but not application data. Others collect data to sell to third parties. Therefore, it’s important to do your research in choosing a reliable VPN service.
2. Provide phishing training to staff and students
Phishing is a key contributor to cybersecurity breaches, according to the latest COVID-19 alert from the Australian Cyber Security Centre. Given the number of coronavirus-themed emails in the wild, now is a good time to circulate training on good email hygiene best practices to warn staff and students of possible scams:
- Always check the source of the email is trusted – check the spelling of names and websites to make sure they are legitimate.
- Be wary of emails coming from health organisations as there are a lot of spoof domains.
- Do not download attachments unless from a trusted source.
- Always question the wording of emails before clicking anything.
3. Avoid sharing resources for work/learning and personal use
For students with school devices, it is best practice not to share the device across users, as well as not accessing non-school applications from these devices.
4. Install cybersecurity tools such as firewall and AV on home networks
Communicate with parents to educate them on installing or updating their cybersecurity measures on the home network. This includes firewalls as a first line defence to prevent threats entering and a good antivirus software that can act as the next line of defence by detecting and blocking known malware.
It’s also important to update and patch all apps and browsers and ensure they are on auto update to prevent cyber criminals exploiting known security vulnerabilities.
5. Educate students on good password hygiene
It’s as important as ever to ensure that all accounts are protected with strong passwords. Unfortunately, many people still use the same password across multiple accounts. This means criminals can take over all accounts by having access to just one password.
Passwords should always be a long string of upper- and lower-case letters, numbers, and special characters. Using a good password manager is important to create, remember, and autofill passwords.
As a resource to help families easily remember cybersecurity steps at home we have created an Online Safety Checklist that can be printed and placed near the family computer for quick reference, available for download here.