The Importance of Security Awareness Training
Education is, by its very nature, about the sharing of information. Faculty members pass on knowledge to their students. Students share information with other students. Educators work with third parties to provide informative and timely material that helps all stakeholders learn, grow, and connect with other human beings.
It is no secret that the way information is shared has changed dramatically over the last decade. Our smartphones have more computing power than was used to put early astronauts on the moon. We share online constantly, and we’ve come to expect near-instant access to information shared by others.
Naturally, this shift has had a huge impact on the way education is delivered. Now, with a global pandemic prompting a surge in remote education, schools are more reliant on technology than ever. They need to make vast quantities of information and resources immediately accessible to students and faculty online during a stressful and busy time. All of which makes the education sector a prime target for phishing attacks.
What is Phishing?
Phishing is the easiest and most common way for bad actors to gain access to systems and data.
As the name suggests, phishing involves hackers throwing a line in the water to see what they can catch – and once they have us hooked, they can tunnel into our systems and do their worst. There are several types of phishing attacks, including traditional email phishing, spear phishing, smishing, vishing, and whaling.
Phishing attacks rely on human error to succeed. Hackers count on their targets being untrained to detect potential threats, too busy to notice the warning signs (e.g. strange links in emails or text messages from unusual sources), or too afraid of not responding to what may seem like critical instructions or warnings.
Who Defends Against Phishing Attacks?
IT departments – often with limited budgets – work hard to keep students, educators, and institutional infrastructures safe from bad actors. They keep their institutions’ technology up to date with the latest security patches, and they use all the tech at their disposal to identify phishing emails, detect and eradicate malware, track attempted system intrusions, and ensure institutional and personal data is encrypted and protected.
Security, however, is not just an “IT thing”. It needs to be everyone’s thing.
People are the most important digital security guards schools have, particularly against phishing attacks. It is crucial that all stakeholders at an institution are properly trained to spot anomalies, especially in emails and text messages, so they do not fall victim to such scams.
How Can I Avoid Phishing Attacks?
Here are some key questions to ask when you receive an email or text message to help you spot and avoid phishing attacks.
Who sent the message?
Do you know the sender? Is it a person you would normally expect to contact you? If not, proceed with caution.
Does the message contain an urgent request?
Bad actors often try to trick targets into acting before thinking by creating a sense of urgency. Texts and emails that instruct you to click a link, transfer money, or take other immediate action should always be regarded with suspicion – especially if they threaten or imply alarming consequences if you don’t comply.
Are there spelling or grammatical mistakes in the message?
If someone claiming to be contacting you in an official capacity (e.g. from your school or bank) sends you an email riddled with basic language errors, it’s reasonable to suspect they may not be who they claim.
Does the message request personal information?
Personal information is a prized commodity among hackers. Any message requesting yours should be treated with extreme caution.
Is the message prompting you to click a link?
Links in an email may not lead where the message claims, particularly shortened links and hyperlinked text. You can see where a link actually leads by hovering your cursor over it – but even then, be cautious about clicking.
Are there pop-ups in the message?
There’s no reason why these should be included in any email from a legitimate source. The email is spam at best, and quite likely a phishing attempt.
These are just a few of the ways to screen out potential phishing attacks. Stop and take the extra few moments you need to evaluate all messages you receive. If it looks odd or too good to be true, it probably is. Instead of replying to an unusual email, contact the sender outside of the communication thread (if possible) to confirm its legitimacy. Most importantly, report the phishing attempt to your IT department so they can track its origin.
All of this just scratches the surface of the subject of digital security. There are lots of great security training programs available that can kickstart an awareness campaign in your organization. It is important to ensure we are all educated and have the information we need to keep ourselves and our institutions safe.
During these unprecedented times, we are all making great efforts to physically interact safely with each other – masks, handwashing, and social distancing. Let’s all ensure we are practicing safe and secure online hygiene too.