Headed to University – Back to School Cyber Security Apps and Best Practices to Protect University Students from Cyber Crimes
A wave of recent cyber attacks have targeted municipalities and school systems including universities. Schools in Louisiana, Oklahoma, Alabama and Connecticut were attacks. In New York state, the Syracuse school district and the Onondaga County library were also successfully attacked by hackers. Three separate townships in Florida were crippled by ransomware attacks costing weeks of lost services and hundreds of thousands of dollars in paid ransom. Last month, cyberattacks crippled schools in New Mexico and stopped email, internet and VoIP-phone services in Lyon County, Nevada schools. For Lyon County, the school district’s insurance carrier paid a ransom to hackers using cryptocurrency but some of the services are still locked up by malware.
These cyber attacks show no signs of slowing, in fact they appear to be increasing. Although these attacks focused on the institutions, they occurred over the vacation periods when students are not present. Had school been in session, it may have been a different outcome. Hackers could possibly infiltrate the thousands of devices that are connected to school IT networks. Students access their schoolwork from home computers too using their home internet connections, trysting that the school network is secure.
Universities encourage and even require that students bring their own devices to communicate and complete assignments. We trust that connections are secure. Although universities set minimum standards for security updates and acceptable hardware before allowing devices to connect to their network. But they are protecting their network, not necessarily your device. Fortunately, there are some inexpensive practical apps you can use to protect your device when using shared WiFi connections with thousands of people in a school setting.
- VPN – VPN stands for Virtual Private Network. Virtual private networks are software applications commonly used by workplaces so employees make an act back to their office computers or an enterprise network securely. A VPN is useful for anyone who uses shared or public WiFi like the kind of WiFi connection found in universities, dorms, coffee shops, and classrooms. When a person connects to shared WiFi their data can be intercepted by anyone else using the same WiFi connection. Even if it has a password the connection is not completely secure. Anyone can read and decrypt the internet data sent across a shared WiFi connection with a commonly available piece of hardware and cheap software that can be bought online for under $100. A VPN encrypts your data from your mobile device tablet or laptop while it’s in between your electronic device and its destination. For example, a VPN will encrypt your username and password if you use your phone to log into your bank account or Venmo account to transfer money. VPNs be installed as software on your phone. There are free and paid VPN services. Usually the free VPN services have a data limit and are generally slower to use.
- Batteries – Bring your own portable phone charger. Batteries may also not really seem like they’re a cutting edge cyber security device but they can be if you tend to run really low on battery life or are tempted to use a USB charger or a public shared charger like those found in airports and cafes. Don’t ever use just a USB cord to charge your device. Carrying along your own rechargeable batteries can help you avoid the need to use a public charging station or other service. Anytime you connect using your USB port, there is a risk of infecting your device with malware.
Free charging stations can be used to track mobile devices and even glean personal information about off of your phone. The only time you should use a public source of electricity to recharge a device is if it’s an ordinary pronged outlet that you plug a power cord into.
- Password Vault – A password vault is a browser plugin or subscription software that maintains and syncs account passwords across multiple devices. With a password vaults, you can have a unique password for each and every online account and not have to worry about remembering passwords. Don’t want to ever write down passwords and risk having that piece of paper picked up by others. Password keepers help secure online accounts and some full featured apps may even notify you in the event of a hack attempt. Password keepers are generally subscription services with download apps or browser plugins, some of which are free and some are paid.
- Malware Remover – Malware infections are on the rise, especially in the form of ransomware as we saw with the various school cyber attacks. Malware, sometimes called a computer virus or worm, is any kind of unwanted software on your phone, hardware, router, tablet, or laptop. They include ransomware which locks up access to a device waiting for the owner to send money to get restore files or control and adware which pushes pop-up advertisements to a device or runs a web browser in the background. Malware can also be a computer virus or a worm that causes damage to a system or reads personal data from a device. Keyloggers record passwords, credit card numbers, or other information typed on your keyboard.
Malware can be incredibly damaging. Organized hackers attack corporate clients but smaller hackers go after individuals to steal money from unprotected phones, computers, and connections. Unwanted apps can be inserted, unknowingly onto an electronic device at the same time when they download a game or software update for another app. A hacker could infect your device while you’re using public WiFi.
Malware protection is software that attempts to detect unwanted apps, computer viruses, or scamware before it causes damage to your device. It is commonly referred to as antivirus removal. Protection comes in two forms, detection and removal. it’s good to have apps for both purposes.
- Identity Theft Monitoring – Hackers can steal your identity using information sharing from social media. Clues contained in social media posts like birthdates, petss names, hometown are common passowrd reset uqations. Identity theft monitoring services are subscription services you pay for to protect your credit score, personal information, social security numbers, passport data, and any open financial accounts that you already have. Identity theft monitoring also guards your credit report and notifies you when someone opens an account in your name. Identity theft monitoring services may also work for health care identity theft as well. Scammers may go to a doctor and receive medical care using your name, social security number, and health care insurance card numbers that were stolen during a cyber attack and sold on the dark web. This may seem like it’s not such a big deal, but you could be held responsible for unpaid medical bills, co-pays, and insurance deductibles that a scammer racked up in your name.
Identity theft monitoring also notifies you if there’s been an increase in the credit limit on any existing accounts, if a new mortgage was opened in your name, if a bank loan taken out, or any other kind of financial activity connected to you. If you suspect that your credit card numbers or your identity has been compromised say for example in the recent LabCorp and Quest – American Medical Collection Agency hack or the massive Yahoo email breach, and the even bigger Equifax credit report service data breach, then identity theft service is for you. Recently my data was part of the Marriott Hotel chain hack, so I have identity theft monitoring and a credit freeze on all of my accounts.
- RFID Protecting Wallet – RFID pronounced “ar-fid” stands for radio frequency identification. It’s a technology used in inventory tags and credit cards that allows RFID tags to be read without physically touching the RFID tag. RFIDs are the technology behind contactless train tickets, keyless entry into buildings, and credit card payments. RFID readers must be held close to an RFID chip to work so they must be within two feet to a few inches to work for payment processing. Unfortunately, this work for hackers too. A hacker who is physically near someone with an RFID enabled credit card can also read the card’s numbers. The tactic, called skimming, is a form of digital theft where data from RFID enabled credit cards is read and duplicated. Hackers do this by carrying physical hardware RFID readers in their bags or backpacks. They then walk through crowded spaces like stadiums, shopping centers, or crowded sidewalks, hoping to detect and scam credit card numbers from unsuspecting pedestrians.
An RFID blocking wallet has a special liner that stops a credit cards from being read. The liner is just an electromagnetic blocking technology called a Faraday cage. It looks like a very thin layer of mesh within an ordinary-looking wallet or card sleeve. It blocks the RFID signal, so your credit cards won’t be sniffed by hackers. The small metallic square on a credit card does not indicate RFID technology. RFID wallets come in all kinds of shapes, colors, sizes, and materials. I have an RFID blocking holder for my passport because US passports have RFID chips in them. I also have a smaller RFID blocking sleeve for all my credit cards. It is a small holder that sits inside my larger wallet. It is also convenient for when I don’t want to carry my whole bag. I can just take the little sleeve put it in a smaller bag or even in my pocket.
Once when I was walking on the Las Vegas strip with a friend, her credit card was sniffed by someone with an RFID reader. Although we were in Las Vegas, there was a charge to her credit card in Reno and then about two hours later another charge in Baltimore, Maryland. This prompted her bank to call her and close the credit card leaving her with no way to pay for anything while we were in Las Vegas.
- Surge Protector – A surge protector is the old school plastic power strip. This is good for anyone at home or away at school to protect electronic devices that are plugged in for recharging. Surge protectors don’t have to be expensive they come in all kinds of colors, shapes, and sizes with a varying number of receptacles. But be sure to get one that has surge protection and maybe even comes with a guarantee or warranty in case your electronics are damaged due to low voltage.
- Student Credit Card -A credit card seems like the opposite of what you might want for cyber security, but it can help protect your money from hackers. A common credit card scamming technique scam is to insert a physical piece of hardware called a skimmer on a point of sale terminal or ATM cash machine. Typically, this happens at terminals that are not monitored by an employee. For example, a common place to put a credit card skimmer is on a gas pump where customers drive up, swipe a payment method, bank card, or debit card and then pump and pay for gas themselves. No human intervention from the staff.
A skimmer can be difficult to see unless you’re looking for it. It is another piece of equipment that sits right on top of a credit card reading device terminal – where you would swipe your card – and it reads your card numbers while the is swiped or inserted. You still get your money from the cash machine so nothing seems strange but now the hacker has your card numbers and then can charge up purchases or withdraw money from your bank account. A student credit card can provide a layer in between you and your actual cash. I use a credit card that gives me three percent cash back on all my gas purchases. I always use it at the gas pump that way if someone gets my numbers at least they cannot get to my bank account and my cash. I have some layer of protection that’s guaranteed by the credit card issuer.
- Portable Hard Drive – Portable hard drives are an ideal way to backup and protect data. In the past school cyber attacks, some had no backup and paid hackers hundreds of thousands of dollars to restore their systems. Even with a backup, it can take weeks to restore an enterprise IT system. A backup of your computing environment and data will help you to get back online again in the event of an incident. Having your work, files and any personal data saved to an external hard drive that can be detached from your tablet, laptop, or phone will help restore your information and school work after a data breach or ransomware attack.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers