Educators have lots of free time, right? Let’s go over a few of their responsibilities:
Prepare lesson plans. Organize classrooms. Wrangle students. Interface with parents. Grade homework. Participate in cafeteria and car duty. Be a disciplinarian. Maintain office hours. Go to conferences. Grade more homework… Basically, squeeze a 60-hour workweek into five days and use the weekend to prepare for the next one.
Underpaid and overworked, the people in charge of cultivating our youth rarely get the credit they deserve. Most of us couldn’t handle a day like this, let alone an entire school year. So it’s with great sympathy that we approach the matter of cybersecurity for educators.
It doesn’t matter if you teach at a public school in a massive metro school district, or a small homeschool, the need for cybersecurity is higher than ever. Not only is more internet-connected technology finding its way into classrooms, criminals are targeting school systems because, frankly, schools are an easy target. Their networks are often out of date, exposing them to security vulnerabilities, and faculty members haven’t been provided with the necessary security awareness training to protect themselves. Some of this has to do with financial and time constraints (per usual), but a lot of it is also a blatant disregard for a major problem.
Take, for example, this school district in South Carolina that got hit with ransomware, and ended up paying a $10,000 ransom to decrypt their files. The same thing happened to this school, and this school, and all of these schools, and this university.
But it’s not just ransomware attacks schools need to worry about. It’s also protecting personally identifiable information of students. There’s a lot of private information stored in school databases like birth certificates, social security numbers, medical information, even fingerprints. If proper safeguards are not utilized, cybercriminals will have a field day.
So as much as we hate to be the bearer of bad news, educators at all levels need to make cyber security a part of their routine. Thankfully, security awareness is a function of common sense and doesn’t require a technical background. And by following a few simple guidelines, we can keep our education networks out of detention.
Passwords: Longer is Stronger
Passwords are the defenders of the privacy universe. Without them, our cyber lives wouldn’t be safe. The average person has over 25 accounts, with some reports suggesting that number is closer to 90! It goes without saying that we need strong passwords for every single one. The question is, what constitutes a strong password?
Let’s run a test. Head over to passfault.com, a password strength analyzer, and play around with a few you think are strong. Here are some results we found:
PW: LogMeIn – Time to Crack: Less than a day. This is obviously a weak password that shouldn’t be used for anything. A lot of accounts will require that “passwords be at least eight characters long, contain at least one uppercase and one lowercase letter, contain at least one number and one special character.” No problem!
PW: Pr0tectMe! – Time to Crack: Less than a day. What happened here? We followed the instructions. You’re telling me that a criminal could crack this in less than a day? Obviously we need to do better than minimal requirements!
PW: kpD59lgOA0D! – Time to Crack: One month, 18 days. Alright, this is a little better. But even though it’s completely random and complex, it’s still not optimal. A determined criminal will crack this in under two months–long before the user changes it. We need to do better.
PW: The Dog Wants To G0 Out! – Time to Crack: 3,127,836 CENTURIES. Now that’s what we call a strong password! What sets it apart? Capital letters for each word. Spaces between each word. One number, effectively misspelling “Go”. One special character. It’s a phrase and not a single word. And here’s the best part; it’s easy to remember! So go ahead, criminals, try to crack this passphrase. We’ll wait.
Don’t Click on Sh*t!
If you’ve ever checked out our website, blog or social media accounts in the past, then you knew this was coming. If you don’t click, your likelihood of getting phished drops significantly. It’s very simple but still the number one reason most people get hacked. In fact, every one of the ransomware cases listed above happened because someone within the school’s network clicked on a link or downloaded an attachment.
As an educator, you handle several hundred emails from parents and students and other educators. Cybercriminals see you as a target. They will use a technique known as spear phishing where they pretend to be the parent of one of your students and send you an email with a malicious link or attachment. Know how to spot phishing emails. Not sure how? Check out this short video:
Create a Culture of Cybersecurity in Your Classroom
To piggyback off of a blog from earlier this week, we know the responsibility of teaching cybersecurity starts at home and spreads from there. But it’s on all of us to make sure the youth is armed with the right knowledge to protect themselves from online threats. Until cybersecurity and the ethics becomes a standard course, students need to be encouraged to make their cyber safety a priority. Getting them interested in after-hours programs and summer camps, some of which are free or inexpensive, is a great way to promote cyber hygiene. But if we don’t first encourage them, they won’t care.
If you happen to have time to discuss cybersecurity with your students, take advantage of free resources. We have a ton of content available that covers all matters of cybersecurity. Most of it is targeted towards organizations training employees, but all of it is centered around fundamentals and can be applied to anyone. (And one of our favorite items is this printable activity book!)
Lead by Example
As an educator, you are a leader. Leading by example is your responsibility by default. You just need to apply that to security awareness.
If you maintain good cyber hygiene—strong passwords, clean machines, up-to-date software, routine data backups—your students will take notice and mimic your habits. But this extends outside of your classroom as well. Your fellow educators are at just as much risk and need to apply the same cybersecurity habits to their routines. We often say fighting cybercrime takes a community effort. Your school system is a community that is already a major target for cybercriminals. By instigating a culture of security awareness, you effectively protect your students and fellow teachers alike. Simple things like sharing phishing scams so the rest of the faculty is aware of them makes a huge difference. This falls under the “see something, hear something, say something!” umbrella of cybersecurity. It’s as simple as starting the conversation.
That’s rather vague and rather unfair to ask of someone whose plate is already overflowing with responsibility. As mentioned, we sympathize with our educators and their impossible workload. But it is important for you to stay in the know. Keep your finger on the pulse of what’s happening in the tech. world and where the vulnerabilities exist. Follow along with the cybersecurity news on social media so you can be prepared to discuss any topics that might come up in your classroom or teachers’ lounge. Get to the know the risks associated with mobile devices. You don’t need to be an expert on cybersecurity; you just need to be aware of it.
For example, do you know what a social engineer looks like? Are you using a VPN on public WiFi? How often do you backup your personal data? If you’re homeschooling, how safe are the devices you’re using? For 10 easy, non-technical tips on keeping you and your kids safe online, watch this short video:
As always, everything discussed here requires very little technical know-how. Security awareness is based on common sense. The fundamentals are the same across all walks of life. As an educator, you have the eyes and ears of our future generations. You are our superheroes! Consider cyber awareness as an upgrade to your growing list of superpowers.
Latest posts by Justin Bonnema (see all)
- 2019 SAP Planning Calendar - December 11, 2018
- Incident Response in 3 Domains - November 30, 2018
- How the NIST Framework Improves Your Organization’s Cybersecurity - November 15, 2018