Technology is integral to the modern classroom, and yet, Australian schools are under attack. Research from the Australian Cyber Security Centre (ACSC) shows that education is now one of the top five sectors for cybersecurity incidents. There is one attack in the education sector every two hours.
What’s more, the kinds of attacks that cyber criminals are utilising are increasingly sophisticated and something that students can easily fall for. As noted by Norton, cyber criminals are tapping into FUD – “fear, uncertainty and doubt” – to confuse and deceive people into handing over details. FUD attacks are effective because even the most tech savvy individual can be panicked into making a rash decision. For students with less experience in computers, such psychological tricks can be overwhelmingly successful.
One of the most common examples of this in action is with tech support scams. The cyber criminal will cause a pop up or similar to appear on the computer, with a message to the effect of “your PC is at risk!”. Then, having made contact with the target, the criminal will get them to install software that gives them control of the PC, or installs malicious software like ransomware. Students might not be at risk of handing over credit card details, but they can still provide enough information to commit identify fraud, and cyber criminals are increasingly looking to turn their target’s computers into unwitting cryptocurrency miners, which can slow the computer to a crawl, and rapidly degrade the equipment (which drawing massive amounts of power).
The other reason that these attacks – which are really just applications of phishing – are so popular with cyber criminals is because they’re easy, and can even be launched from free software and cyber crime-as-a-service providers. As noted on a Norton blog article: “Phishing kits are easy to use, and they allow anyone with minimal technical skills to become successful phishers. Before involving any victims, the phisher creates a website with a look and feel of the legitimate website they are trying to spoof, making it difficult for an average user to distinguish between the real site and the fake one. The easiest way to achieve this is by using a phishing kit.
“After configuring and uploading the phishing kit to a web server either compromised or owned by the phisher, a phishing email is sent to victims, leveraging social engineering to lure the user to click on a link to the spoofed website.”
The challenge that many educators and parents face in trying to protect students from these attacks is the lack of resources. Norton notes that many of the most effective anti-phishing technologies, such as email gateways, are enterprise-level solutions with consumer-level technology to counter the threats being far less common.
What can be done to help students?
As Norton notes, the first step in protecting students from these attacks is to teach them awareness and best practices. “Be aware of suspicious messages that prompt you to click on a link or open an attachment. If you are unsure about a message, go to your web browser and go directly to the organisation's website,” Norton notes. Furthermore, students should be made aware that any phone number that pops up based on a warning on their computer should be treated as suspicious. If the student remains genuinely concerned, then they should reach out to the company in question directly, talk to their parents, or the school’s IT security team.
Investing in an adequate level of security protection for individual devices is also important. It might be difficult to prevent a phishing attack from reaching a student, but that student’s computer can be protected from many of the nasties that the phishing attack aims to install on the computer.
NortonLifeLock technology, for example, is highly effective at proactively dealing with threats. For the July-September quarter last year alone, NortonLifeLock was able to:
- -Block 859 million total threats.
- -Block nine million+ threats each day.
- -Block 41 million file-based malware software installations.
- -Block 52,000 ransomware detections.
- -Block 310,000 mobile-based malware files.
In addition, while phishing attacks are hard to proactively prevent, especially if there’s a social engineering component to them, NortonLifeLock’s technology is effective, and prevented 14 million phishing attempts.
Another critically important security measure is the firewall, which prevents files and data from entering a computer (or being extracted from it) without the explicit permission of the user. An effective and efficient firewall, such as Norton’s Smart Firewall, will prevent unauthorised access to your computer. Then, Norton’s Intrusion Prevention System (IPS) will deeply inspect data that is allowed through to monitor for further risks. These two pieces of technology, in collaboration with one another, can greatly reduce the risk of malware getting on to the computer, even if the user has made an error in judgement.
Finally, there needs to be some sort of contingency in the event that the worst happens and the device is infected. Here, Norton’s Cloud Back Up can prevent the user from losing everything, by providing easy and frequent backups and the ability to quickly restore data if the need arises.
Norton takes the cyber security of students seriously, and it is running a back to school special on various Norton products, including the flagship Norton 360. Parents and students can save up to $91 on technology that is proven to address the security challenges facing the modern student.