The COVID-19 pandemic has opened our eyes to ways that we as a society need to protect ourselves better. But we don’t only need to protect ourselves from germs and viruses--we also need to protect our cyber wellbeing.
As institutions of higher education shift much of their operations and interactions online, they need to be aware of the risks and security issues that this brings. Cyber attacks have been a problem since the internet was invented, but in this hyper-connected digital age, it’s more important than ever to make sure your institution protects itself from phishing and scams. And as more schools move online, those without proper cybersecurity protection in place will be increasingly under siege.
Higher Education Cyber Security Risks During COVID-19
Often, protecting your institution from cyber security risks involves educating all users, and encouraging them to use safe email practices.
All members of higher education institutions should be on the lookout for phishing emails that seemingly offer official information about COVID-19. Phishing emails are intended to entice victims into providing their credentials or install malicious software. With the issues happening and impacting everyone in such a drastic way, there are people looking for help in many ways.
To protect yourself, make sure to verify the source and authenticity of the email before clicking on any links.
External hackers target colleges and universities for personal information like birth dates and social security numbers, while internal hackers (think disgruntled students and staff) may try to access grades or intellectual property. Unfortunately, colleges and universities are often targeted for cybersecurity attacks, so it is important to know how to protect your institution.
How to Stay Safe From COVID Hackers
What Individuals Can Do To Protect Their Home Technology
If you want to reduce the likelihood and effectiveness of cyber attacks, your organization must empower individual users to use best online safety practices.
- Using secure passwords: Everyone should use unique and complex passwords for their accounts. Don’t use sequential numbers (like 123) and make sure to mix uppercase and lowercase letters. Using a password manager like Lastpass ensures that you have all passwords in a secure place rather than saved to your PC or Chrome settings which are easily accessible by hackers. Password managers also have the ability to generate random, secure passwords for you that are really helpful. You want long passwords of 16 characters or more which is actually more secure than creating new passwords every few months.
- Updating systems and software: Updates often include new security measures, so installing them when they are made available is crucial. This includes computers, tablets, and smartphones.
- Securing Home WiFi: Home internet should use WPA2 and a unique security key and also use a guest network to ensure visitors or IOT devices are separate from important resources
- Using VPNs: A Virtual Private Network (VPN) is an excellent way to ensure that faculty and staff can securely access online University tools and databases. A VPN will protect these individuals from phishing emails and malware attacks, just like a firewall.
What Universities as Institutions Can Do
- Add two-factor authentication
- This is best deployed for systems with sensitive data and commonly exploited systems like email
- To avoid Phishing
- Don't click through any email you are unsure of
- Check the sender address REALLY closely!
- Providing security awareness training to users - this is as important as technical controls