Phishing scams 101: Tips for protecting student data
POSTED JULY 3RD, 2016
In the digital age, technology is continuing to change and enhance almost every aspect of our lives. Schools in particular have benefited considerably from the introduction of digital platforms, which are increasingly replacing outdated paperless solutions. Platforms, such as school admissions software, can streamline the complex and detailed process of registration and store valuable patient data in a convenient and accessible way.
As with any data storage platform, however, sensitive information is vulnerable to theft from cybercriminals. According to Digital Guardian, cyber attacks have grown in frequency in recent years, and particularly phishing attacks, which your school district could be at risk from.
“Cyber attacks have grown in frequency in recent years.”
What is a phishing scam?
Phishing scams involve the theft of protected data which can enable the criminal to steal an individual’s identity. As Microsoft explained, phishing scams are highly sophisticated attacks that target individuals. They work like this: a school administrator may receive a faux email from an ostensibly reputable source, such as the principle or superintendent. The email will contain a URL link or attachment, which the recipient will be instructed to open or download. If the victim complies with the directions, the attachment or link will install malicious software on his or her computer, allowing the criminal to steal the protected student data.
Student information is particularly valuable to a cyber criminal because it may contain parental information such as home addresses and social security numbers. Sometimes a criminal will access the protected data in the same way, but instead of stealing the information will instead hold it hostage. This is known as a ransomware attack.
While phishing scams are somewhat rare, given the uptick in incidences in recent times, it’s important to be prepared. Here are a list of tips.
How to avoid phishing scams
- Educate all of your staff about how to recognize a potential phishing scam. There are usually a number of telltale signs that an email is inauthentic, Microsoft argued. Firstly, the email may contain a high number of grammatical errors. This is a big red flag that the message is from a malicious source, as most professional or official emails are checked for spelling errors. The second sign is to feel out what may seem unusual. Phishing emails will typical ask the victim to surrender important data, Norton reported. This may seem odd, especially if the supposed sender – such as the superintendent for example – hasn’t made such a request before. Staff should be instructed to always double check that an email is authentic before complying with instructions.
- Hold routine training seminars to ensure that everyone is educated on your school district’s cyber security protocols.
- Ensure that each school has an up-to-date and comprehensive cyber security infrastructure in place. This includes platforms such as anti-virus software and firewalls, Panda Security explained.
- Have experts come in and routinely inspect the IT system for any problems or potential security threats.
- Stay calm and exercise common sense. Most scams are easily recognizable. Use a level head and best judgment.