Securing your kid's tech for the modern classroom
Prepare for the upcoming school year
The risk of cyberattack in distance learning is significant
It’s one thing to offer college and post-graduate students online classes. It’s another thing to ask kids K-12 to move to a 100% distance learning environment—practically overnight. Yet, that’s what many parents have had to do as a result of the Covid-19 pandemic.
Today, as we near the one-year mark of this new learning paradigm, we know two things for sure: Getting kids dialed into distance learning is not easy; and the risk of cyberattack inherent in distance learning is significant.
The 3 main threats to successful distance learning
Citing a late-2020 uptick in ransomware attacks, the FBI is actively warning the public of cyber threats to distance learning. They’ve joined forces with the Cybersecurity & Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) to publish an assessment of the different ways that K-12 distance learning environments are being threatened by “malicious cyber actors.” Here’s a closer look at what this assessment reveals:
1. Ransomware
In a distance learning environment, you have many different people, on many different networks and computers, accessing a variety of different systems. Unfortunately, these are prime conditions for a ransomware attack, in which data, systems, or other digital assets are held hostage until a cash ransom is paid.
According to the same Joint Cybersecurity Advisory alert mentioned above, K-12 environments accounted for 57% of ransomware attacks in August and September of 2020. A September 2020 ransomware attack in Los Angeles disabled a school district’s server and email, bringing distance learning to a halt for some 6,000 students. A November 2020 ransomware attack in Baltimore yielded similar consequences.
What ransomware creators are after
- Access to school computer systems so they can slow or block access and normal function
- Confidential student and/or teacher data that can be held for ransom
Ransomware best practices for parents
Most distance learning-related ransomware attacks target the educational institutions themselves. Thus, the responsibility for ransomware mitigation is mainly on your student’s school or school district. However, here are some useful preventive measures for parents:
- Back up your data frequently
- Keep a full backup of each of your machines on an offline asset (an external hard drive, for example)
- Keep all software and operating systems updated, as attackers can leverage unpatched vulnerabilities
2. Distributed denial of service (DDoS)
Despite its complicated moniker, a DDoS attack is based on a simple concept: Quietly infect a network of computers and use those infected computers to spread malware, send spam, disrupt system operations, and so on.
What DDoS crooks are after
- Infect and control a large number of computers (this is called creating a “botnet”) and use them to:
- Disable access to a website or service
- Spread malware that can damage systems and steal data or money
- Spam a large volume of people at once, including phishing emails
DDoS best practices for parents
Similar to ransomware attacks, protection against DDoS attacks falls heavily on the shoulders of school administrators. The main step that parents can take against DDoS attacks is to protect all of their home devices with advanced internet security software.
3. Zoombombing
While less damaging, arguably, than ransomware and DDoS attacks, so-called “Zoombombing” can be extremely disruptive. With so many distance learning environments using Zoom video conferencing as a digital classroom, some bad actors have found a new tactic: Infiltrating Zoom meetings and hijacking control to display rude, offensive or explicit content.
What Zoombombers are after
- To disrupt classroom environments
- To get attention and relieve their boredom
Zoom best practices for parents
Many defenses against Zoombombing, such as requiring meeting passwords and using an attendee waiting room, are up to the meeting organizer. But at a fundamental level, parents should make sure their children have set very strong Zoom passwords.
It’s important to make sure your own kids aren’t participating in Zoombombing themselves, either by perpetrating the prank itself, or enabling someone else by sharing meeting credentials. It might seem harmless, but it’s a waste of valuable learning time with the potential to expose kids to hateful or disturbing content.
In distance learning environments, best practices matter
Ask any teacher tasked with managing a remote learning environment. They’ll tell you that they’re spending more than half of their time on technical support. Kids need help logging in, making Zoom work properly, and so on. Distance learning is an adjustment for everybody. Unfortunately, this creates all kinds of security vulnerabilities, some of which we’ve covered above.
Beyond protecting against specific threats, such as ransomware, DDoS, and Zoombombing, parents can reduce the risk of cyberthreats by practicing these fundamentals of internet security:
- Audit and secure all hardware, software, systems, and portals that your children are using every day
- Make sure all passwords are unique, strong, and kept strictly confidential
- Discuss the threats mentioned above with your kids so you can approach internet security together
- Limit access to extracurricular internet activities, especially during learning time
- Keep an eye out for the signs of cyberbullying
Finally, and maybe this goes without saying, thank your teachers. They’ve certainly got their hands full.