This article is an expanded version of the “2 minute tech talk” I gave to the Fort Lee Regional Chamber of Commerce on September 16, 2020.
I spend time each day reading technology publications, newsletters, and Google Alerts about data breaches and cybersecurity. I do this because it is my responsibility as a Technology Solutions Provider. Based on recent trends, I believe that the general public is not aware that the COVID-19 pandemic has created a unique environment for attackers.
Every business sector faces the problem of how to define the appropriate level of cybersecurity. A significant challenge for businesses is that they have most of their staff working from home for the first time. Their traditional approach was to keep untrusted devices off their networks. With that premise upended, business owners must now contend with a new wave of threats from unpatched home computers running on unsecured home networks.
Cybercriminals invariably seek to exploit vulnerabilities of institutions. Unfortunately, many school districts are unprepared for this new challenge and are potential victims. On top of dealing with everyday issues like cyberbullying and sexting, the education sector faces some unique challenges.
First, it is a leading target for attackers. According to Microsoft Security Intelligence, the education sector accounted for 60 percent of all reported enterprise malware in the past 30 days. Since September 1st, a half-dozen schools have experienced ransomware attacks, including the Somerset Hills school district here in New Jersey.
Second, the education sector frequently uses older systems, and one of the most significant vulnerabilities is the continued use of Windows 7. Microsoft ended support for this operating system in January, which means it is no longer issuing patches for new security vulnerabilities. According to a study released in the spring, roughly 10 percent of the nation’s schools are still using Windows 7 computers. Many students may be using these older machines at home because it is common for children to be using older, hand-me-down devices.
States and school districts need to dedicate money and resources to ensure students can learn in a secure environment. However, financing the requisite level of security is problematic. Governor Murphy initially slated increased funding in the 2020 – 2021 budget but had to revise that downward after the pandemic began. For example, the Fort Lee school district’s budget was pared down by $352 million.
I hope learning about cybersecurity will eventually become part of the K-12 curriculum. That will require new coursework and additional funding. It would behoove the state to invest in more training and support for teachers, staff, and students to learn and practice good cyber hygiene to keep everyone safe.
If you are unsure how your school is implementing security measures to protect their students, contact the district office and ask. But keep in mind, there are two sides to the remote learning equation: The school’s and yours.
Here are five steps you can take to improve the security posture of children attending K-12 via distance learning.
- Make sure you are using an updated Windows 10 computer, an Apple computer running Catalina, or a Google Chromebook.
- Windows computers should not use a free internet security product because it will not protect your computer from most malicious attacks.
- Make sure your home Wi-Fi network router has the latest firmware update, that you use encrypted protocols, and that you employ a complex password.
- Check for router firmware updates twice a year (just like you test your smoke detectors when we enter and leave Daylight Savings Time), and change your password each time you update it.
- Ensure that your home network has a secure connection to the school district’s resources, preferably through a VPN.
Note that these are also useful practices for anyone who is working remotely from their office.
Thanks, and safe computing!