Education in a Pandemic: Protect Your Kids from Virtual Back-to-school Threats

July and August means back-to-school for many, with millions of children gearing up to return to the classroom. However, this year, back-to-school will be different, with many children attending school remotely from their homes because of the pandemic.

As of August 18, 20 of the 25 largest school districts in the US are choosing remote learning as their only instructional model, affecting over 4.3 million students, reports Education Weekly. Los Angeles Unified, San Diego Unified, Metropolitan Nashville, and Palm Beach County schools are some of the biggest districts committed to going all-remote in the fall. With more than 13,000 public school systems in the United States alone, we can expect many other school districts to follow the trend of remote learning, to keep children and their families safe.

This has led to parents asking some key questions: how do I keep my children safe as they learn remotely? How do I protect my children from hackers and cyberbullies? Are the technologies that enable remote learning actually safe for my children to use?

Surge in Hacker Interest in Back to School

Parents’ concerns are valid. Researchers at Check Point took a close look at data from the last 3 months to examine hacker interest in back-to-school. They found:

• Over 35,149 new domains were registered around the back-to-school theme the past 3 months, 512 of them were found to be malicious, with another 3,401 suspicious
• The average number of suspicious domains per week at the peak time was 356, which far exceeds the traditional weekly average of 115 the previous weeks.
• The peak was around end of July/beginning of August, where the weekly amount of suspicious back-to-school domains increased by almost 30% compared to the weekly amount in June/July.
• The average number of malicious domains per week at the peak time (registered date) was 39, compared to the weekly average of 46 the previous weeks.

Figure 1: Number of new back-to-school registered domains per week in the last three months

Found: Security Flaws in Online Learning Technologies

In the first half of 2020, security researchers at Check Point conducted a thorough audit of Learning Management Systems that enable online learning. Some of the more popular systems use WordPress add-on software known generically as a plugin. Check Point Research found security flaws in three of the most popular WordPress learning management plugins: LearnPress, LearnDash and LifterLMS, proving that the foundational technologies that enable online learning were vulnerable to hackers.

Although the security flaws have since been patched, Check Point’s researchers continue to caution the public around the interest of hackers to take advantage of children going back-to-school remotely.

The Threat is Real

The reality is that there are significant security threats looming for children going back-to-school:

• “Zoombombing” is when an uninvited person joins a Zoom meeting in an attempt to gain a few cheap laughs at the expense of the participants. Zoombombers often hurl racial slurs or profanity, or share offensive imagery. San Diego Unified School District recently experienced a Zoombomb incident where a person with the username “Dee Znuts” wore a red ski mask and sweatshirt during the meeting and made several hand signs. Zoombombs can traumatize children.
• Cyberbullying is the use of electronic communication to send, post, or share harmful, false, or mean content about someone else. It can also include sharing personal or private information to cause embarrassment. Cyberbullying often takes place on the most popular social media applications. The Cyberbullying Research Center indicates that, 37% of young people between the ages of 12-17 have been bullied online, and 30% of them have had it happen more than once. Cyberbullying can impact a child’s well-being.
• In 2019, more than 1000 schools in the US were hit by a ransomware, a type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. Most ransomware variants encrypt the files on the affected computer, making them inaccessible, and demand a ransom payment to restore access. Ransomware is often delivered via an email that appears to be legitimate, tricking a person to click a link or download an attachment that delivers malicious software.
• Phishing is the attempt to obtain sensitive information or data, such as passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Back-to-School Security Tips

So, given all the security risk, how can students, parents and schools better protect themselves? Check Point offers the following security tips for each:

Tips for Students

1. Cover your webcam. Turn off or block cameras and microphones when class is not in session. Also, be sure that no personal information is in the camera view.
2. Only click on links from trusted sources. When in the remote school collaboration platform, only click on links that are shared by the host or co-hosts, when directed to do so
3. Login directly. Always be sure to log in directly to your schools’ remote school portals; do not rely on email links, be aware of lookalike domains on public tools.
4. Use strong passwords. Hackers often attempt to crack passwords, especially short and simple ones and adding complexity into your password prevents that.
5. Never share confidential information. Students should not be asked to share confidential information via online tools. They should keep all personal information off cloud storage platforms.

Tips for Parents

1. Talk to your kids about phishing. Teach your children to never click on links in email messages before they first check with you.
2. Call out cyberbullying. Explain to your children that hurtful comments or pranks delivered online are not OK. Tell them that they should immediately come to you if they experience or see someone else experience cyberbullying.
3. Explain that devices should never go unattended. Your kids will need to understand that leaving a device for unwanted hands can be detrimental. Hackers can login to your devices assume your child’s identity online.
4. Set parental controls. Set the privacy and security settings on websites to your comfort level for information sharing.
5. Increase awareness. Cybersecurity literacy is an important skill set, even for the youngest schoolchildren. Invest the time, money and resources to ensure your child is aware on cyber security threats and precautions.

Tips for Schools

1. Get anti-virus software. Making sure your children’s laptops and other devices are protected by antivirus software prevents them from accidentally downloading malware. Turn on automatic updates for that anti-virus software.
2. Establish a strong online perimeter. Schools should establish strong boundary firewalls and internet gateways to protect school networks from cyber-attacks, unauthorized access and malicious content.
3. Check third party providers thoroughly. Schools should ensure they vet thoroughly all third party platform providers they use.
4. Monitoring the system, constantly. Schools must monitor all of their systems continuously and analyze them for unusual activity that could indicate an attack.
5. Invest in online cyber security education. Ensure that members of staff understand the risks. Conduct regular sessions for students so they are aware of the latest cyber security threats.