Mar 13, 2019

Let's Go Phishing!

It seems that almost every day we see headlines in the news stating that another company's network has been breached, and personal data has been compromised. As a consumer, the last thing you want to hear is that your banking information may have been obtained by a hacker. But what about as a parent? Or as a teacher? Or a school administrator? As a parent, I'd be upset to find out my son's data had been obtained by someone with malicious intent.

Most people would assume that hackers wouldn't bother with schools. Most would assume hackers would target financial institutions. Most would be wrong. Hackers do target K-12 schools. There are a multitude of reasons why attackers would target K-12 districts. I could drone on and on about these possibilities, but I'd rather focus on preventing such attacks here at our district.

Our network has a multitude of protections already in place. We have a firewall that only allows permitted traffic through. We have a web filter that can block visits to malicious sites which may try to install malware on our computers. We have anti-virus software installed on all our machines. We use Gmail, which has the best spam protection features of any email service available.
[Image: Stuff Posing As Mail. Image by Clker-Free-Vector-Images from Pixabay]

Despite all of these protections, we are still vulnerable, and that vulnerability lies with you and me: the user. We, as users, are the first and most targeted line of defense. Attackers target users because they are the easiest target to exploit.

In 2016, 91% of successful data breaches began with a spear phishing email. Spear phishing is a type of phishing email tailored toward a specific target. For instance, a spear phishing email to a teacher might try to trick you into revealing your PowerSchool credentials. Spear phishing emails will be relevant to your job, and will often look completely legitimate.

But what can I do to be more vigilant?

I'm so very glad you asked. I was just getting there.

Always Be On Guard In Your Inbox

First and foremost, be suspicious of any email you receive from an untrusted sender. Look at the sending email address. Is the sending email address from a legitimate domain? If the email appears to be from ROD, yet the email address is office@bhm.az, we can be absolutely certain the email is fake, as we know ROD's email domain is @rodspecialed.org.
This email tried to look like it was from ROD, but a quick glance at the email address shows it's not.
If there are any links in the email, hover your mouse cursor over them and the destination web address will be revealed in a small box below. Inspect that web address. If it looks phony, it likely is.
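The two checks above (does the sender's domain match the one we trust, and does each link really go where its text says) can be automated for a whole inbox. This is an added example, not code from the original post; the sample message is constructed, and the only real value in it is the district domain named above.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "rodspecialed.org"  # the district's real mail domain, per the post

# Constructed sample: the display name says ROD, the address does not, and the
# link's visible text does not match where it actually leads.
SAMPLE_EMAIL = """\
From: ROD Office <office@bhm.az>
Content-Type: text/html

<p>Your PowerSchool password expires today.</p>
<a href="http://login.bhm.az/reset">https://rodspecialed.org/powerschool</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname named by a URL or bare domain; None if the text is not one."""
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None

def deceptive_links(html):
    """Links whose visible text names a different host than the real href."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if host_of(text) and host_of(href) and host_of(text) != host_of(href)]

def check_message(raw):
    """Return the red flags the post describes: untrusted sender, misleading links."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    addr = msg["from"].addresses[0].addr_spec.lower() if msg["from"] else ""
    if addr.rpartition("@")[2] != TRUSTED_DOMAIN:
        findings.append(f"sender {addr!r} is not on {TRUSTED_DOMAIN}")
    for text, href in deceptive_links(msg.get_content()):
        findings.append(f"link shows {text!r} but goes to {href!r}")
    return findings
```

Running `check_message(SAMPLE_EMAIL)` reports both the foreign sender domain and the link whose text points at the district while its destination does not.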

Check the grammar of the email. If the email contains typos or poor grammar, chances are it is fake. Hackers, for all their technological savvy, are notoriously awful with prose, especially if they are from a foreign country.

I hate to say it this way, but you should also be aware of your place on the totem pole. The higher up you are, the more likely you are to be targeted. Administrators and principals are more attractive targets to hackers simply due to the amount of resources they have access to.

Can You Spot A Phish?

Jigsaw, a subsidiary of Alphabet (the company who owns Google), has created a short quiz you can take to test your phishing awareness. You will be presented with 8 different emails - some legit and others not. You will be asked to determine whether each email is phishing or legitimate. After each example the quiz will let you know if you answered correctly, but more importantly it will show you all of the clues in each email that should have tipped you off.

Watch this EdPuzzle


I encourage you all to take the time to use the resources above. Protecting our network, data, and, more importantly, our student information, requires work on all our parts.
