Schools and universities are opening up for Fall. Many are offering online or hybrid courses. Implementing new technology comes with growing pains. In an ideal world, malware wouldn’t be one of them. Unfortunately, a recent report indicates that cybercrime attacks have greatly increased over the summer. “K-12 institutions have limited resources to dedicate to network defense, leaving them vulnerable to cyber attacks,” a recent FBI report stated. Because of this, students need to have a professional antivirus solution.

Schools are a Target

The problem is that “[schools] have smaller professional IT staff, they may be running older computers and older systems that may not be as well patched.” (Source) For these attacks, hackers don’t care about the size of the target. It’s the fact that it’s easy. There’s no sympathy for disrupted lives. Schools cutting their cybersecurity budget just makes life better for cybercriminals.

While K-12 schools may be targets for cybercrime, universities and college students are also at risk. Over the summer, Blackbaud was hacked. They’re a provider of education information and systems. This allowed the hackers to gain information on both students and alumni at schools in the UK, US, and Canada. Fortunately, Blackbaud was able to detect and stop the criminal activity while it was in progress. A number of their clients reported that they were unaffected.

Other schools have not been as lucky. The University of California paid a $1 million ransom after a cyberattack hit their school of medicine. Originally, the hackers had been asking for 3 million, but a negotiator was able to bring down the cost. While no cybersecurity professional would recommend paying a ransom, the school’s administration felt they had to.

The University of California thought the price was worth it for the data, but most students and parents do not have that kind of money. They need to be wary of certain security concerns to make sure they don’t become a victim. These include email phishing, free tools, RATs, and Zoom Bombing.

Email phishing

According to the FBI, “Email phishing presents one of the biggest online threats for students returning to classes virtually.” A student’s first line of defense is to be wary about what they read in emails. Look for red flags and avoid clicking suspicious links, even if they seem to be from someone they think they know. If a student is unfamiliar with phishing emails and how to detect them, we’d recommend the following posts as a crash course:

– UNICEF College Scam Job Offers
– Bogus Login Notification Email Uses MSG Attachment to Deliver Phishing
– Phishing During COVID-19
– Business Email Compromise : IMG File Attachment Contains REMCOS Rat
– How to Deal with Phishing

One way to verify if an email is legit or not is to write a separate email to the author to verify if the message was sent by them or not.

Recovering from a phishing attempt depends on what type of attack vector was being used. If it was an attachment, then the student will need an antivirus to protect them. It’s better to use one with active protection so the attachment will be scanned if its payload is enabled. Similarly, you’ll want an antivirus able to detect and block malicious urls. VIPRE Antivirus Plus and its big brother, VIPRE Advanced Security, both offer these features.

Free Tools

One security concern parents may not be considering is the privacy of their children as they download free tools. Also, college students may not consider the possibility of someone gaining access to the files and images stored on (or synced to) their devices.

An early line of defense is to read customer reviews. Negative reviews can expose fraudulent applications. Also, simple seeming apps like a calculator should not cause a spike in data or battery use. Cyber-criminals have a few tricks for getting malicious apps through stores’ detection methods. While the first party stores (Microsoft, Google Play, etc.) are less likely to let something through, it still happens. That’s why a student needs to be wary when installing free apps.

On desktops, it’s a different game. One should always customize an installation of free software to avoid potentially unwanted programs. They’ll be installed as part of installing some other software. This technically gives the PUPs user consent to be there. However, these end up being the applications that have people saying things like, “I didn’t install that. How’d it get on my computer?” Sometimes these PUPs are annoying or even just benign. Other times they may take a more gray ware stance and behave similar to malware – downloading and installing other applications or collecting data.

Now, many modern apps will collect usage data to improve their products. However, a reasonable concern would be, “Do I want this company to collect my child’s information?” In this situation you’ll want to use privacy tools.

VIPRE Privacy Shield offers tools to scan a device to see what information is secure on it. It’s useful for protecting one’s privacy from software that isn’t necessarily malware. Similarly, having a VPN is useful for keeping one’s online activity private. If a student’s school doesn’t provide them with a free VPN, then we would recommend using Internet Shield VPN to safely access school networks.

RATs

One thing to be aware of is Remote Access Tools. They may be installed in order to allow teachers to have access to devices and to collaborate on work. However, not all RATs are good. You’re going to want to counter potential abuses with a solid antivirus and a good VPN.

Schools themselves also need to be wary of these types of attacks. The FBI issued a Private Industry Notification to schools warning them that “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.” Allowing RDP, a Remote Access Tool called Remote Desktop Protocol, on school networks could leave the school networks vulnerable to attacks. The best defense a school could employ would be forcing students to use a secure VPN to access information and to use enterprise-level security products.

Zoom Bombing

Along with the above, it’s useful to know how to resist Zoom bombing. If you’re unfamiliar with it, Zoom bombing is primarily a harassment technique. Hackers and trolls try to gain access to Zoom sessions in order to disrupt them. This is more of a concern for educators or collaborative environments where students may need to create a Zoom session. Tech Republic offers five tips to prevent Zoom bombing. However, there are two we want to highlight.

First, don’t use your personal meeting ID. Always generate a random meeting ID. This is because it’s much harder to guess both a meeting ID and a password. If you always use a static meeting ID that ever accidentally leaks to the internet then you might see some unwanted guests.
Second, use the waiting room feature. Anyone trying to access the Zoom session will be placed into a waiting room until the host lets them into the call. It may seem a little tedious. However, it’s better than having random hackers simply pop into the session.

The Final Word on Security

If you’re concerned about a student’s security and privacy, then we would recommend VIPRE Ultimate Security. It combines the antivirus protection of VIPRE Advanced Security with the privacy protection elements of VIPRE Privacy Shield and Internet Shield VPN. Right now, the whole bundle is being offered at 65% off as a part of our back to school sale. You can buy it here today.