The back-to-school season brings many changes: new places, new routines, new friends…and new cybersecurity risks. With more and more educational institutions — from preschools to universities — relying heavily on mobile and online applications, it’s important to make cybersecurity more than just an extracurricular activity.
Naturally, there are many ways to improve online and mobile safety. We’ve highlighted three key “get smart” tips for parents, students, and teachers to keep in mind this school year, as well as some “extra credit” resources for the truly industrious among you. The facts and figures you’ll see are culled from our industry research and experience, and the tips are borrowed from our award-winning security awareness and training curriculum.
Be sure to share with your family and friends to help them protect their personal devices and data as well.
Get Smart Tip #1: Be on the Lookout for Phishing Messages
Cybercriminals use fraudulent emails, text messages, and social media posts to trick users to into downloading dangerous attachments, clicking malicious links, and/or revealing sensitive information (like financial, personal, or business data). Side effects of errant clicks and downloads include ransomware and other malware infections, compromised accounts, and identity theft.
Don’t think phishing can’t happen to you or to your kids; even the most savvy computer users have trouble identifying these kinds of messages, which are becoming increasingly sophisticated. Fraudsters like to create a sense of urgency, using scare tactics, amazing offers, and other traps that will prompt you to click or download right away. Kids can be particularly susceptible to emails and social media posts with deals that tie to popular apps — image filters, game cheat codes, or free Poké Balls, for example — but plenty of adults also fall victim to these kinds of “too good to be true” offers.
The best bit of advice with regard to fighting phishing is also the simplest: Stop and think. Before you interact with a message or post — particularly an unsolicited email or text — consider the ramifications of what could happen to your data and/or your device if it is a scam. And instruct kids of all ages to do the same (or, better yet, tell them to check with an adult before clicking anything they aren’t sure about). You want to do all you can to avoid putting sensitive information into the hands of hackers and scam artists.
Get Smart Tip #2: Know Your Device and Your Apps
It’s critical to remember that devices are not only connected, they are interconnected. Social media accounts like Facebook are often linked with websites and other apps. Google is a sign-in vehicle for many applications. As such, a compromise in one account could lead to compromises in other places. This is one reason that website and application safety are so critical.
Mobile devices are particularly vulnerable because they are so app-driven, and new applications are appearing all the time. Here are a few action items that can help improve security on smartphones and tablets:
- Do your homework on apps before downloading – This is an indisputable bottom line: Not all apps are safe. Applications that are downloaded outside of mainstream channels are particularly dangerous (and should be avoided), but there are hazards lurking in Google Play, iTunes, Amazon, and other popular app stores. Before adding an application to your device, you should read reviews, search online, and check permissions (see the Extra Credit links for more advice on this). If you add an unsafe app that has broad access permissions, your data will end up in the hands of cybercriminals.
- Limit what you do on free WiFi – Open-access or free WiFi networks (i.e., those that don’t require passwords) are very tempting because they allow certain mobile applications and services to run without impacting data plans. But using free WiFi can be costly in other ways. It is very easy for a cybercriminal to “snoop” on unsecured WiFi hotspots and steal passwords and other data; some hackers even set up bogus networks to do just that. It’s always best to opt for a known, password-protected network. But if you (or your kids) must use free WiFi, be sure the network is owned and operated by a reputable source before connecting. In addition, avoid entering passwords, sending personal information, and making purchases while on an unsecured connection.
- Keep operating systems and trusted apps up to date – Mobile application security doesn’t end at the download; maintenance is key. In order to remain safe, you need to update apps as bugs are identified and fixed. Set trusted applications for automatic updating when possible; you should be alerted when any new permissions are attached to an update or if an app attempts to execute on a new permission (your cue to do homework). It’s also important to run operating system updates as soon as they are available as these are often pushed out to counter security vulnerabilities. (The recent iOS patch is a great example of this.)
Get Smart Tip #3: Be Selective About Sharing on Social Media
It seems just about everyone is using social networking, adults and kids alike. The proliferation of apps results in endless posts about everything from cat escapades to crowdfunding campaigns to what’s for dinner. Given that social media posts are designed for public consumption — and that many of us don’t have personal relationships with the people who follow and friend us on social channels — it’s clear that, in many cases, we’re not just sharing, we’re over-sharing.
It’s important to remember — especially for students — that the photos, observations, and activities that are posted on social media can have an impact far beyond a circle of online friends and followers. According to a recent Kaplan Test Prep survey, 40% of college admissions officers view applicants’ social media profiles to learn more about them, and 37% reported that their findings had an impact (positive or negative) on a candidate’s likelihood of acceptance. The numbers only go up with prospective employers: CareerBuilder’s 2016 social media recruitment survey revealed that 60% of employers use social media to research job candidates, and 49% said that what they’ve seen on social profiles has caused them to reject an applicant.
All social media users should assume that everything posted on social networks is public and permanent; this should be stressed to anyone who is a new user (a child or older parent, for example). Even if privacy settings are engaged or posts are supposed to “disappear” after a few seconds, that can’t stop a follower from taking a screen shot or downloading an image. Deleted items aren’t necessarily gone, and copy/paste functions can allow posts to live for an eternity.
A great piece of advice: If you wouldn’t say it to or share it with a stranger, it probably shouldn’t be posted on social media. Students in particular should be cautious of the personas they create for themselves online because of the potential future ramifications.