The global COVID-19 pandemic has forced millions of children to forego their schools in exchange for hours each day in Zoom or Teams classrooms.

The shift also forced educators to work many extra hours to ensure the quality of online education is just as good as learning in person. This move to online learning is one of the chief technological benefits in the “new normal” that Lenovo CEO Yuanqing Yang discussed in his keynote address at Lenovo’s annual Tech World event.

Unfortunately, teachers and students aren’t the only ones spending time accessing online school sites. Hackers and cybercriminals see all those online schools and students as another target for mischief – and for stealing personal information.

Cyberattacks on schools didn’t start with the COVID-19 pandemic. From January of 2016 until July of 2020, schools in the United States had suffered 855 such attacks, according to the K-12 Cybersecurity Research Center. Yet attacks have soared this fall, with almost 200 additional attacks reported since July.

TechRepublic reported that in July/August 2020, cyberattacks against educational facilities rose 30% compared to May/June 2020, when school year ended.

The vulnerabilities can be just as risky for each of the millions of students spending their entire school days online. This is especially true when parents work all day – whether at home or not – and aren’t around to ensure software is up-to-date or to review suspicious emails.

So what can schools, parents, and students do to make their online learning more secure? The answer lies in an array of steps on both the macro level – ensuring schools are providing a secure platform for online education – and the micro level, where students and parents ensure they follow strong security practices, according to Paul Stapleton, Executive Director of Global Product Security for the PC & Smart Devices Group at Lenovo.

Stapleton has worked with both sides of this security challenge. As Lenovo’s head of product software security, he works to ensure both the security of Lenovo’s products – the laptops, desktops, and tablets students now use for school – and of enterprise-level services such as LanSchool, comprehensive classroom management software offered by Lenovo.

For schools, providing a safe, online environment for students was a top priority even before the pandemic shifted so many students to online learning. In fact, in the United States, federal law requires schools to block Internet access to material that is considered harmful to minors. Yet with COVID impacting many schools’ budgets, many have had to make spending cuts – and security is often one of the first things to go. Hackers know this and have ramped up attacks against schools this year. The threats are greater than inappropriate material; hackers and cybercriminals also attack the online platforms of school systems seeking to deploy malware and ransomware and steal sensitive, personal data.

The best-in-class solutions for school districts utilise artificial intelligence to identify malicious content in real-time instead of relying on static databases, which could be out of date. In cases where school districts have provided laptops to students, the district should provide consistent, strong security across those devices. Check in with your school to see what security measures they have deployed internally and on the laptops they provide to students.

“When the schools give out laptops, the schools often install security controls to ensure each device is properly hardened, that the machine is regularly updated, and that the VPN connection to the school is properly secured,” Stapleton said. “Students should not be able to install software on their own, only the schools should be able to install apps to these devices or change their configurations.”

On the micro level, students learning from home really aren’t much different than their parents who are working from home. The added risks for students comes from home or public networks that might not be as secure as corporate networks, which have dozens of security controls and a dedicated security team. Due to this home users are often more susceptible to hacking and to scammers.

When Lenovo switched to work at home, Stapleton sent his own team – all IT workers – tips to stay safe at home that also apply to students learnings at home and their parents. These include:

  • Make sure to change the default password of your home router to a strong, complex password.
  • Keep your software patched and up-to-date.
  • Have a separate password for each account, otherwise you’re just making it easier for hackers.

One of the most significant security threats in online environments remains dangerous because prevention relies on each individual user, in this case the students themselves. That threat is phishing.

Phishing is when a scammer sends email that looks like it’s coming from a credible source to trick the recipient into clicking onto links that start malware to steal personal information. Phishing has become more dangerous as cybercriminals make the emails look like they’re coming from the government, your bank, an online gaming company, or even your school, making it harder and harder to recognise the fakes.

“It’s an old technique but most attacks happen through phishing,” Stapleton said. “Phishing is still very successful and everyone – students, teachers, and parents – need to be careful every time they click on an email. If an email, phone call, or online message seems odd, suspicious or too good to be true, it may be an attack.”

The best defenses against phishing are patience and common sense. Watch for simple misspellings in email links and in the spelling of email addresses that emails come from. A link may take you to citybank.com, or Citibank.co instead of Citibank.com. Or an email may appear to come from a school like johnwsmith@centerville.k12.oh.us but the hacker will change the website domain to one they control that looks similar such as johnwsmith@centerville.k12.oh.edu.

Also, be careful about what sites you visit. You may browse to a website that launches popup windows with ads that look enticing but if you click them your machine could immediately be owned by a hacker. Only purchase things online from known and well-trusted companies with extensive security measures in place. Companies like Microsoft and Amazon spend billions of dollars on security each year.

Security education and awareness is key to your safety. Stapleton recommends SANS security training materials, including many free resources for learning how to better secure your data, identity, and privacy. Here is one link to some of those resources: https://www.sans.org/security-awareness-training/secure-your-kids.

The hard truth remains that nothing connected to the Internet is ever perfectly secure, and that adage also applies to online education. By operating each day using strong security practices, you can help ensure that your online education experience is a safe one.

Anonymous