{"id":18232,"date":"2020-12-11T09:40:07","date_gmt":"2020-12-11T14:40:07","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=18232"},"modified":"2022-10-14T18:26:35","modified_gmt":"2022-10-14T22:26:35","slug":"hackers-targeting-schools-warns-fbi","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/hackers-targeting-schools-warns-fbi.html","title":{"rendered":"Hackers Targeting Schools Warns FBI"},"content":{"rendered":"\n<p>The following is a non-sponsored post written by NordVPN we felt worthy of posting:<\/p>\n\n\n\n<p>The U.S. government issued <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-345a\">a statement<\/a> warning that cyberattacks are victimizing K-12 educational institutions. The security agencies have received numerous reports on ransomware incidents in which criminals threaten kindergartens and schools to leak stolen confidential student information to the public if these institutions don\u2019t pay a ransom.<\/p>\n\n\n\n<p>\u201cThe FBI, CISA, and MS-ISAC assess\nmalicious cyber actors are targeting kindergarten through twelfth grade (K-12)\neducational institutions, leading to ransomware attacks, the theft of data, and\nthe disruption of distance learning services. Cyber actors likely view schools\nas targets of opportunity, and these types of attacks are expected to continue\nthrough the 2020\/2021 academic year,\u201d cautions Cybersecurity &amp;\nInfrastructure Security Agency (CISA).<\/p>\n\n\n\n<p>\u201cDue to the global pandemic, remote\nlearning is gaining momentum, and so is malicious cyber activity.\nUnfortunately, educational institutions, especially schools and kindergartens, are\nnot ready for this,\u201d says Oliver Noble, a cybersecurity expert at <a href=\"https:\/\/nordlocker.com\/\">NordLocker<\/a>, an encryption-powered data protection\nsolution.<\/p>\n\n\n\n<p><strong>What makes the education sector so attractive to hackers?<\/strong><\/p>\n\n\n\n<p>The COVID-19 pandemic has forced many\nstudents to shift to remote learning, which can\u2019t guarantee security and\nprivacy. According to Oliver Noble, the chaos provides hackers with new ways to\nattack students and teachers: for example, online classrooms get \u201czoombombed\u201d\nby disruptive outsiders. \u201cThere\u2019s also an increase in phishing emails that\ntrick students and their parents into giving away personal information to\nhackers who impersonate school staff,\u201d says the expert.&nbsp; <\/p>\n\n\n\n<p>Schools and kindergartens usually lack\ndigital protection, and their systems might run on outdated software. \u201cHackers\nlook for the weakest link, and unpatched vulnerabilities in an organization\u2019s\nsystem or unsecured Wi-Fi networks don\u2019t usually take long to find,\u201d Oliver\nNoble warns.<\/p>\n\n\n\n<p>You might think \u2014 why would a hacker need\nsome student\u2019s information? A student\u2019s stolen Social Security number can be\nused by <a href=\"https:\/\/www.consumer.ftc.gov\/articles\/0040-child-identity-theft\">identity thieves<\/a> to apply for government benefits, open\nbank and credit card accounts, apply for a loan or utility service, or rent a\nplace to live. This is very appealing to hackers who sell stolen credentials\nand PII (personally identifiable information) on the dark web.<\/p>\n\n\n\n<p><strong>What practical measures can educational institutions take to protect\nthemselves?<\/strong><\/p>\n\n\n\n<p>According to Oliver Noble, to protect the\ndata of their students and employees, schools and kindergartens should\nimplement the following:<\/p>\n\n\n\n<ul><li>Secure Wi-Fi network. Students, teachers, and even administration\nstaff should operate on separate networks to limit access and restrict breaches\nto one network at a time. Hide names of administrative networks from lists of\navailable connections and protect all routers with strong and unique passwords.<\/li><li>Adopt zero-trust network access, meaning that every access request to\ndigital school resources by a member of staff should be granted only after\ntheir identity has been appropriately verified.<\/li><li>Encrypt files with staff and\nstudents\u2019 PII to avoid data leaks in ransomware. User-friendly encryption\nsolutions like <a href=\"https:\/\/nordlocker.com\/business-solutions\/health-care\/\">NordLocker<\/a>\nmake sure important information stored on the organization&#8217;s computers is\nalways protected from prying eyes with strong encryption. The tool also offers\na private encrypted cloud for easy access and secure data storage.<\/li><li>Have up-to-date backups available to keep the chances of data loss as\nslim as possible. If an attack is successful, there will still be an unaffected\nolder version of the files. Again, a cloud solution for schools is a great way\nto back up data.<\/li><li>Educate teachers and\nadministration staff on cybersecurity. Since ransomware attacks usually start\nwith a phishing email, awareness and education will help employees recognize\nphishing scams and avoid downloading malware or sharing sensitive information\nwith impersonators.<\/li><li>Use a VPN for a safe internet\nconnection. To avoid outside risks, teachers and administration staff need a secure connection, and here\u2019s\nwhere a VPN (Virtual Private Network) comes into play. It creates a secure\nencrypted tunnel between an employee\u2019s device and the internet. A VPN protects\nthe connection from third-party access, including hackers ready to breach the\nsystem.<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The following is a non-sponsored post written by NordVPN we felt worthy of posting: The U.S. government issued a statement warning that cyberattacks are victimizing K-12 educational institutions. The security agencies have received numerous reports on ransomware incidents in which criminals threaten kindergartens and schools to leak stolen confidential student information to the public if<\/p>\n","protected":false},"author":44,"featured_media":1867,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[890,300,2996],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/18232"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=18232"}],"version-history":[{"count":1,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/18232\/revisions"}],"predecessor-version":[{"id":18233,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/18232\/revisions\/18233"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/1867"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=18232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=18232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=18232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}