Cyber Security Back to School List
By: InfoSecUnPlugged
It’s that time of the year again!
We are quickly approaching the end of the summer. And for a lot of us are we preparing and/or possibly celebrating our children returning to school. As the first day of school approaches, parents all over the country are running to malls, Targets and Walmarts to buy clothes and everything on their ridiculous back to school supply list (I will save that rant for another day).
Years ago, when parents prepared for their children’s upcoming school year, they went to the store and bought supplies like notebooks, pens, pencils, rulers, and calculators. These days, parents are buying most of those things, but they are also buying things like laptops, tablets and USB memory sticks or cloud storage,
The reason for this is because if your children’s schools are like mine, then they recommend your child bring their own technology devices to school so they can use them in class. Although this is convenient, it also comes with risks to the overall security of your child’s device. It should also be noted that you need to make sure your child’s device is secure because the school’s network might not be.
(*Please note that Alpha CyberSecurity LLC is a NordVPN, WebRoot, Amazon and LastPass affiliate. When an item is purchased using one of the links provided, Alpha Cyber Security receives a small commission. However, I personally own every one of the books listed and I will NEVER sell or recommend a product that I have not used personally or have no personal knowledge of. For more information, please see the Terms and Conditions page. )
Why you Should Not Trust the School’s Security
Attackers are targeting school networks more frequently. For an example of this, look no further than Louisiana. Recently, three school districts were hit with ransomware and the governor declared a state of emergency. However, it was not here that I learned the need for cyber security in the education system.
Early in my tech career, I didn’t think schools and students were big targets for cyber security attacks. Then I worked for a school district in Connecticut and realized how wrong I was. It was there where I learned most of what I know in cyber security. My first (and second) experience with ransomware was in a school system. I was introduced to computer forensics after an incident at a school. Finally, I decided I wanted to get into penetration testing after looking into a vulnerability found on a school server. However, I learned of other non-technical factors that prevent updating and securing networks and devices.
Every year, budget constraints, politics and personal grudges prevent the appropriate measures from taking place. We did the best we could with what we had (which wasn’t much). When they wanted to introduce a Bring your Own Device (BYOD) program, it made security even more complicated.
Things like using unencrypted Wi-Fi that transmits your network data in plain-text. Or clicking malicious links and getting infected with malware or ransomware. Malicious attackers gaining unauthorized access to things like files or even cameras and microphones. These are all possible and common attacks people face every day. However, recent reports have shown that attacks like these are some of the biggest threats school systems and our children who go to these schools face.
After my own personal experiences working in a school system, I will be the first one to say that you can not trust that the schools’ networks. Several school district’s networks are not properly equipped to protect your children’s data. I am not bashing the technology teams at these schools. More than likely, it is not their fault. Like I said earlier, there are LOTS of things that can keep them from doing things properly that they have no control over. So, to them I say keep fighting the good fight! But the fact of the matter is that as parents we must protect our children. We protect their physical bodies, we protect their well being and mental state and, in a time where tech is king, we must protect their data and privacy.
With that being said, I have created a small list of things you can do to get your kids’ technology devices ready for the upcoming school year as well as some things you can do throughout the year to keep them as secure as possible.
Keep Your Devices Up to Date
One of the biggest ways malicious attackers gain unauthorized access to a device is out of date software or misconfigurations. Things like ignoring those annoying Windows updates or deciding to wait until later and eventually forgetting to update Adobe Reader or Java or other software installed on your machine. As annoying as those update alerts may be, they need to be addressed as soon as you get them. These updates contain fixes for the operating system or software as well as patches that may address security vulnerabilities that were discovered.
So just download and install the updates and reboot the machine at least 1 – 2 times a week. Or don’t install the updates and make yourself vulnerable to cyber attacks.
Use Anti-Virus and Scan Regularly
Anti-virus is a must have for any computer that has access to the internet. It is equally if not more important to keep your anti-virus updated with the latest virus definitions. Attacks like viruses and ransomware sometimes get sent as file attachments are becoming more popular and more sophisticated. Not having proper and up to date anti-virus to help minimizes the risk to your computer and data is extremely risky and irresponsible.
Malware, adware, spyware, ransomware, trojans that add your PC to a botnet for other attacks like Distributed Denial of Service (DDoS) and more are all examples of what can happen to an infected computer over the internet. Having bad or no anti-virus protection increase the chances of you becoming a victim.
In addition to having anti-virus installed, it is imperative that you use the anti-virus. Update and run scans multiple times a week. Also, if you receive an email with attachments, scan the attached file before opening or running them
So, which anti-virus software should you get? PCMag.com lists the top anti-virus software out along with their pros and cons. One that I strongly recommend is Webroot. I personally use Norton and Webroot, but I prefer Webroot and have installed it on all of my family member’s computers and mobile devices. In addition, Webroot also updates and scans your machine automatically so that is an added convenience that you don’t have to worry about. You can buy Webroot anti-virus online here.
Webroot SecureAnywhere Anti-Virus
Use and Protect Strong Passwords
Using strong and unique passwords is your first line of defense between your personal information and a malicious attacker looking to steal it. An example of a strong and unique password includes each of the following:
Long – at least 12-15 characters
Mixed – Combination of uppercase and lowercase letters as well as numbers and special characters. Also use spaces if possible
Never Repeated – Never use a password more than once. If one account gets compromised, then every account that uses the same password is at risk
Memorable to You – Make sure the password is something you can remember. Use something like a passphrase.
Another suggestion is to use Password Managers. These applications generate strong, unguessable passwords for you and stores them in their vault. When you access the site or program with a stored password, the password manager auto-populates the fields for you. However, you must come up with a strong, memorable master password to use the password manager. Do not lose or use a weak master password. You lose the master password, you lose all your passwords. You use a weak password and someone cracks it, they have all your passwords.
Password managers you can use are listed below:
Your student may get passwords from school that can’t change. Make sure to tell your kids to NEVER share their passwords with anyone.
Cover Webcams
This one is pretty self-explanatory. When malicious attackers gain access to technology devices, they gain control over several components and features on the targeted device. One popular component they access is the built-in webcam. There have been several cases of attackers watching and listening to their victims without the victim even knowing.
A simple answer to this possible attack vector is to get a camera cover or even a piece of tape to cover the camera lens. This way, if someone gains access to your webcam, they won’t be able to see anything.
Use a VPN on Open Wi-Fi Networks
Anytime you connect to the internet wirelessly, especially one you don’t know or one that is “free” or “open”. You should never trust it! This also applies to school networks. Always think of open wireless networks as insecure and unencrypted. In other words, there is a strong possibility that your information is being transmitted in plain-text. As a result of network data being transmitted in plain-text, someone on the same network with a simple application can see what is being passed on the network. This includes usernames and passwords. I repeat, NEVER TRUST THE OPEN WIRELESS INTERNET!
If you are going to use public Wi-Fi, then use a virtual private network or VPN. VPNs will hide your IP address and above all, it secures your internet traffic and data by encrypting it and passing it through a tunnel. Not even your internet service provider will be able to see your network traffic while connected to the tunnel, making it difficult to intercept and read your data.
How NordVPN works
There are several highly recommended VPN services. Personally, I recommend NordVPN’s service. The subscriptions are affordable and have sales like a 2 year license. Also, the VPN is easy to use and secure. In addition to that, Nord claims to not log any personal identifiable information and have backed up their words with a recent audit.
You can read more about why I recommend using a VPN here.
Be Careful of What You Open and Click Online or from Emails
Attackers make malicious links files, videos or website and send emails or messages via text or social media to unsuspecting user tricking them to click the link or provide their username and password. The user clicks the link and unknowingly gives the attacker access to their device. This is a common attack is known as phishing.
For example, a man from Georgia was sentenced to three years in prison for pretending to be an Apple representative. He tricked several athletes, celebrities and musicians to give up their passwords and answers to their security questions. The man then used that information to access the accounts, lock the victims out and steal their credit card information to purchase several things like airline tickets, rental cars and eating out a restaurants.
Here are a few tips to help you avoid becoming a victim of phishing:
Open messages from trusted sources only and always be careful of links
If you do see a link that is questionable, try hovering over the link to see the address. However, in some cases hovering over the link can still trigger the exploit. You can also use a link scanner to test if the link is malicious
Pay attention to the actual email address or source of the message. It may look like a real and trusted email address. But there might be some subtle differences in the domain name or misspellings and grammatical errors that you may miss at first glance
Most banks and organizations will not call or send you messages asking for your credentials or to change your password
For more information on phishing and tips on how you can protect yourself, read this article here.
Back Up Your Data Regularly
You’re a victim of a ransomware attack. Will you pay the ransom?
What if you get a virus and you have to reinstall the operating system? Or, your computer crashes and you’re forced to buy a new computer. What happens to all of your files, documents, pictures, music and other data?
If you don’t have your data backed up, you lose it for good. If you haven’t backed up your data recently, then you stand to lose a good portion of your data. Therefore, I recommend you back up your data on a regular basis!
If you’re hit with ransomware or your device crashes, simply remove your computer from the internet, reinstall your operating system or revert your computer to the last image you made. Next, move over your data from your most recent backup.
In addition, I recommend using an external drive to back up your data. This allows you to back up your data to an external source that you can keep in a secure location.
Here are some external hard drives I recommend:
Another option is to buy cloud storage space from providers like Dropbox and Microsoft OneDrive. You can then back up your files and assignments to Dropbox or OneDrive and access it from any device anywhere as long as you have an internet connection.
Here is another blog post I wrote on why you should back up your computers on a regular basis!
Check out my four-part ” Keep Yourself Safe Online” series of articles. I explain some of these tips in more detail as well as provide more information on what you can do to protect your devices and data. I listed them below
Please remember to like, comment, share and follow me:
Also, if you want to hear about the experiences of other Cyber Security professionals, check out my show “InfoSec Unplugged“! Live every Thursdays on my YouTube channel and Twitter.
Furthermore, If you like my work, you can buy me a coffee and share your thoughts!