Safety Alert: COVID-19 and Cybersecurity

Last year, we saw an uptick in news stories on educational institutions and cyber attacks. That aligns with a report from the K-12 Cybersecurity Resource Center featured in Education Week that found that in 2019 cyber attacks on schools had tripled. The report partially credits the increase to more schools being so reliant on technology. Unfortunately, cyber attacks don’t show any signs of slowing down, and during this stressful time of the coronavirus pandemic, hackers and cybercriminals are taking advantage of people’s fears by using coronavirus-related phishing email schemes.

Coronavirus-Related Phishing Attacks

Phishing attacks can happen when a hacker sends a mass email to staff, pretending to be a district official and asking, for instance, for help in purchasing gift cards. But emailers can also go after employee payroll information, in order to steal employees' identity and tax information. In the case of these new coronavirus-related attacks, these emails are meant to look like official alerts from organizations like the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO), as well as trusted personnel like health specialists and even your workplace management team.

As we all are trying to stay up-to-date on coronavirus news, this makes us even more susceptible to these scams.

Here are some tips to spot a phishing email:

• Legitimate government agencies will never ask for sensitive information via email. You should never give out personal information to an unfamiliar source via email.
• If the sender is urging you to take an immediate action and provide personal information, the email is most likely a phishing attack.
• Before clicking on anything, verify that the email, sender, and link are legitimate.
• Spelling and grammatical errors are very common in phishing emails.
  
• Most phishing emails use generic greetings and probably won’t use your name.
  
• If the email contains information on a vaccine or treatment, delete it. You wouldn’t find out about a treatment or vaccine via an email from an unknown source.
• Do not donate if you are asked to send cash or wire money.
  

Example of a phishing email from someone posing as the head of the World Health Organization (WHO), and asking recipients to donate money to a coronavirus fund.

Employee Training is Critical to Help Prevent Cyberattacks

While this is a time to come together and support one another, unfortunately cyber crime doesn’t stop. And, cybercriminals follow the headlines to try and capitalize on the public’s fears. The U.S. Federal Trade Commission issued an advisory to not click on any links from unknown sources. You should always get COVID-19 information from verified and trusted sources, like the CDC, WHO, and credible news organizations.

Your employees are part of your security solution (the most important part!) not the problem. A strong cybersecurity profile, just like any other aspect of your business, necessitates having a clear plan and training. Employees need to understand what the correct process is for communicating data and to avoid risky behaviors. Here is a helpful blog post from Vector Solutions on how to protect your remote workers from cybersecurity threats.

How SafeSchools Can Help

The SafeSchools Online Training System includes a suite of IT courses to help educate your staff on cybersecurity:

• Browser Security Basics
• Cybersecurity Overview
• Email and Messaging Safety
• Password Security Basics
• Protection Against Malware

For students, we offer Digital Citizenship courses for grades 6-8 and grades 9-12.