Action cards

Cyber security

PHISHING

According to data from DataReportal, we spend on average 7h on devices daily. More time spent on a device doesn’t necessarily mean more danger, but prolonged use can mean more exposure and, in turn, a greater risk of falling victim to a cyber-attack.

Phishing is one of the most popular forms of cyber-attack, especially against educational institutions: in 2020, 60% of educational institutions experienced phishing attacks. A phishing attack starts with any type of online communication that tries to look like it’s coming from a reputable source (a colleague, the principal) when in fact it comes from a cybercriminal. The message may ask for a username and password for an account, or simply instruct the recipient to click on a link or open an attachment. If the recipient follows the instructions in the message, attackers will gain access to private and sensitive data, from the initial victim’s own data to the data of the network they belong to (co-workers or students).


Even if you aren’t a security expert, there are steps you can take to protect yourself:

Step 1: Think before clicking.

Many phishing attacks come in the form of urgency (“If you don’t respond to this message in the next 24h…”), a reward (“You just won a new car!”) or even simple information (“You have been invited to a shared folder”). The more targeted the attack is, the better tailored the message will be to you. If it’s too good to be true, it most probably is.

Step 2: Unusual sender.

If the attack comes in the form of an email, look at the sender’s address. The email may seem to come from Joe Smith, but if the address looks like joe@830jin-jin.com, you should be careful.

Step 3: Hyperlinks.

Links aren’t always what they appear to be. Hover over the link before clicking; that way you can see whether it leads to the same address as the one displayed. If not, that is one of the major red flags to pay attention to.

Step 4: Attachments.

If the email has an attachment that you didn’t expect to receive, or that makes no sense in relation to the message itself, that is something to be wary of, especially in combination with the previous points. If you don’t recognize the attachment but know the sender, reach out to them using a different method (do not reply to a suspicious email!) and confirm that they sent the file.

Step 5: Content of the email.

Most phishing emails will look off in some way. They might mix different fonts, or the text might contain grammatical errors. The text itself may sound strange compared with how the person it claims to come from usually writes. Sometimes a phishing email will ask you to click on a link or open an attachment that seems odd or illogical.

Phishing.org has an excellent graphic that explains in detail all of the red flags of phishing emails. It shows what to pay attention to when receiving emails from unknown sources, and also from senders that we might know but that are, in reality, disguised attacks.

When the world collectively switched to online learning due to the COVID-19 pandemic, the number of attacks aimed at educational institutions increased substantially. Many institutions already had the knowledge and tools to safeguard themselves; however, many didn’t, and as a result a lot of data was lost. Even with firewalls and antivirus implemented on school devices, the weakest point of every network is the human. This is why teachers should know the basic forms of cyberattack and how to defend against them, to protect their data, the personal information of their students and the confidential data of the institution.

https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams is a guide to recognizing and avoiding phishing attacks, with examples.

https://www.proofpoint.com/us/threat-reference/phishing is a great reference on phishing attacks that goes in depth not only on what a phishing attack is but also on the history and examples of phishing attacks.