By Wong Joon Hoong, Country Manager, Sophos Malaysia,
Universities and tertiary institutions are beginning to reopen with Malaysian students returning to campuses in stages from March. In preparation for their return, COVID-19 guidelines are being implemented to keep students and teachers safe. However, schools should also be implementing cybersecurity practices to keep students and teachers safe while online.
Educational institutions especially older ones tend to run on older technology and software, making them more vulnerable to cyber-attacks since legacy systems are more difficult to update. Furthermore, many students and teachers may not be following cybersecurity best practices with their devices. Ultimately, this creates the potential for hackers to wreak havoc on educational institutions.
The State of Ransomware in Education 2021 – a global survey conducted by Sophos found that the education sector as a whole experienced a higher level of ransomware attacks than any other industry. With the back and forth shifts from physical to remote learning, cybercriminals are devising new ways to leverage malicious techniques such as phishing, ransomware, social engineering, and more to pull off attacks.
Here are four tips on how students can protect themselves online as they return to school.
- Don’t share passwords
As a student, you will need to log into your university’s accounts with a username and password whether you are on campus or logging in remotely. Be cognizant that your account login is on the radar of cybercriminals. It is crucial to not share your login details with anyone even if they are your friends, and do not re-use passwords.
Hackers can penetrate easy passwords and password sharing to steal credentials and potentially compromise more accounts for other online services if the same email and passwords are being used.
Always use a strong username and passwords for every account and device. Consider using a password manager to generate strong passwords and to keep track of all your logins.
- Think twice before clicking
When using email – either your university’s email or personal email – you need to remain vigilant for phishing attempts.
There are understated differences that give away a phishing message. Look for spelling and grammar errors in the body of the email and check the email’s domain. You might be asked to share details such as account login credentials. This should get your “Spidey senses” tingling.
Often, phishing emails will ask you to click on links to trick you into downloading malware or putting your login details onto a fake website. Before clicking on a link, hover your mouse over the it to check where it will take you. When you see the address or path, you will see tell-tale signs that the email is phishing for your personal info.
- Secure remote access
With online learning, both teachers and students will frequently access cloud-based learning tools such as file sharing applications, email, apps, etc, remotely. If your remote access isn’t secure, hackers can sneak in and take control of the entire network.
Educational institutions should deploy a virtual private network (VPN) that offers secure remote access to users and protects all data that flows in and out of the VPN by encrypting it. Protect sensitive data, research, and other critical resources by allowing access to only those who are authorized, with two-factor authentication support for access to key system areas, such as user portals and web administration consoles.
- Watch out for odd behaviour
Keep in mind that even the most trusted software cannot be trusted. Imagine you are using a laptop provided by your school or university and you have been using a certain software program as part of your learning. One day, you click on it, but it doesn’t open quickly and when it does open, it behaves in an odd manner. It freezes for a few seconds before it starts up. Or maybe your laptop slows down when the software or program is running. If this is happening frequently, your software might be infected with malware. When this happens, run a malware scan and contact your school’s cybersecurity administrator immediately.
Creating a safe learning environment
When it comes to students, it is everyone’s responsibility to ensure a safe and protected learning environment. The pandemic has been a catalyst for driving rampant cybercrime and it is critical to keep updated with the latest cybersecurity tips and follow guidelines. Just as learning institutions would physically protect students on campus, this protection needs to extend online to not only protect students but the whole learning infrastructure. Schools and universities should consider running cybersecurity workshops for both students, educators and staff to create a security-aware culture.
