Last year, we saw an uptick in news stories on educational institutions and cyber attacks. That aligns with a report from the K-12 Cybersecurity Resource Center featured in Education Week that found that in 2019 cyber attacks on schools had tripled. The report partially credits the increase to more schools being so reliant on technology. Unfortunately, cyber attacks don’t show any signs of slowing down, and during this stressful time of the coronavirus pandemic, hackers and cybercriminals are taking advantage of people’s fears by using coronavirus-related phishing email schemes.
Phishing attacks can happen when a hacker sends a mass email to staff, pretending to be a district official and asking, for instance, for help in purchasing gift cards. But emailers can also go after employee payroll information, in order to steal employees’ identity and tax information. In the case of these new coronavirus-related attacks, these emails are meant to look like official alerts from organizations like the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO), as well as trusted personnel like health specialists and even your workplace management team.
As we all are trying to stay up-to-date on coronavirus news, this makes us even more susceptible to these scams.
Here are some tips to spot a phishing email:
Example of a phishing email from someone posing as the head of the World Health Organization (WHO), and asking recipients to donate money to a coronavirus fund.
While this is a time to come together and support one another, unfortunately cyber crime doesn’t stop. And, cybercriminals follow the headlines to try and capitalize on the public’s fears. The U.S. Federal Trade Commission issued an advisory to not click on any links from unknown sources. You should always get COVID-19 information from verified and trusted sources, like the CDC, WHO, and credible news organizations.
Your employees are part of your security solution (the most important part!) not the problem. A strong cybersecurity profile, just like any other aspect of your business, necessitates having a clear plan and training. Employees need to understand what the correct process is for communicating data and to avoid risky behaviors. Here is a helpful blog post from Vector Solutions on how to protect your remote workers from cybersecurity threats.
The SafeSchools Online Training System includes a suite of IT courses to help educate your staff on cybersecurity:
For students, we offer Digital Citizenship courses for grades 6-8 and grades 9-12.