Online Schools May Inadvertently Put Your Child’s Data and Privacy at Risk – Here’s How to How to Keep Your Child Safe Online
How to keep your child safe in online schools. Many children are now suddenly involved in online classroom settings that are new to students, parents, and educators. Although it is fabulous school districts have been catapulted into embracing online technologies, it has been a mad scramble to take classrooms and assignments online in a secure manner. Data privacy is at risk. Parents may find it challenging to keep up with the flurry of login credentials to video conferencing websites and online leaning platforms. Notifications and emails may be coming from multiple sources, making it confusing to keep track of who is sending what and who has received it. Emails with attachments and links to other websites can be potentially dangerous as they are prime targets for hackers.
In July 2019, three Louisiana public schools were successfully shut down by a ransomware attack. The cyber attack infected ten percent of Louisiana’s 5,000 IT servers and over 1,500 computers. Also in July 2019, Rockville Centre School District was paralyzed by a Ryuk ransomware cyber attack. The district’s insurance carrier paid a ransom of $88k USD to recover the network. In October 2019, a ransomware shut down Las Cruces Public Schools in New Mexico. The district mitigated the attack by reformatting 30,000 devices and refused to pay the ransom.
It’s always better to be safe than sorry.
Online Schools – How to Keep Your Child Safe
Use a Secure WiFi Network
If you’re working in a place where there are multiple WiFi networks to choose from and yours won’t work for some reason – it’s too slow for example, don’t just log in to any network that your phone or compute detects. Hackers can set up WiFi networks that appear to allow you to access the internet while they record what you look at online, your passwords, data, emails, and messages. This puts your online accounts and money at risk. For example, if you’re on a hacker’s network and log into your bank, the hacker can steal that password from your web browser.
Even if a hacker can get a low-level password for a social media account, they can likely use it to hack into a more valuable account like a credit card or bank account. People often use the same password across multiple online accounts. So, if a hacker gets your email address and one password, they may be able to use that information to break into a lot of your other online accounts too.
Always use secure WiFi that is protected with a password of its own and unique passwords. Try saving them in a password manager for extra security.
Be on the Look Out for Phishing Emails
My daughter started online classes today. Emails from teachers are flying as teachers and students scramble to adapt to a new learning environment. Some emails from the new learning platform they are using for online classes. Some emails are coming from the platform they had been using all along to track grades and assignments. Still other emails are coming from school district email accounts. Some emails, like those from the strict, have Word docs attached. Others email have links in the body of the email prompting me to read a message on the learning platform. In the last 24 hours I have received over 15 new emails.
ALL of these email notifications from online schools are ripe for hackers to launch phishing email and malware campaigns targeting parents, teachers, and kids. With emails originating from three different domains (the learning platform, the school district, and the older progress tracker) it can be east to miss a spoofed email address. A hacker can buy a domain name that is closely name to your school district website and send emails containing links to malicious website and weaponized email attachments.
Do you think your school district is too small for a hacker to mess with it? In 2019, the number if cyber attacks on schools tripled and included kindergarten through 12th grade schools , Universities, and local governments. Primary public school districts across the U.S. suffered a total over 500 cyberattacks in 2019. Hackers only need one person with a privileged network account open a weaponized email to get a malware infection started. These cyber attacks can disable a school IT system for weeks (Don’t get any ideas kiddos!!!)
Ask that your school district stop sending emails with attachments (see the part about macros below) and upload all communications to one channel. They should use the platform to distribute Word docs, spreadsheets, pdf files, and other classroom materials as downloads. That way parents and students receive notifications from one source and to to the learning platform for all attachments avoiding harmful links in emails and potentially damaging email attachments.
Ask Your Child’s Teacher to Use a PIN for all Online School Meetings
Recently an online Norwegian class of young school students was interrupted by a nude man who had guessed the URL to the children’s live class. The teacher was using Zoom, a popular video conferencing platform but had not set a PIN code to control who attended. The perv was talking to and exposing himself to the children over the live video class before some parents saw what was happening. It is believed that the man had cycled through random meeting ID links until he got one that worked and joined the video call. This is not the first time this has happened.
Conference call apps like WebEx, Zoom, Uber Conference and others, use a standard link structure for calls that can be joined from a computer web browser. The teacher or meeting organizer can opt to require a passcode to join the call. Higher quality platforms may assign a unique URL to each attendee to add more protection and track attendance. If the meeting organizer has a subscription to the online video call service, the link may always be the same to make it easier for people to remember. That also makes it easier for hackers to remember too! With so many people working and attending school at home now, hackers have a lot better luck just randomly guessing at links that many connect them to calls.
The Norwegian class was not protected with a passcode although it could have been. Ask your child’s teacher to require a PIN code to join any online class or video call.
Disable Macros on Microsoft Files
Enabling macros is dangerous. All Microsoft Office documents including MS Word and Excel files commonly used by students, can contain built-in macros that give them certain functionality. Macros are small chunks of computer code that can handle repetitive tasks. Although they do have legitimate uses, hackers frequently use macros to infect your computer with malware. All of the recent COVID-19 phishing emails and malware attacks use macro enabled MS Word documents sent via email to infect the victim’s computer.
Hackers can embed macros inside documents and spreadsheets that automatically run as soon as you open a file. They spread malwares such as spyware, viruses, and key loggers to infected computers. Although up to date versions of Microsoft Office contain security features that may protect your computer from macros, they are still potentially very dangerous. Use a reputable antivirus app to protect your computer and be sure to disable macros.
Use a Virtual Private Network (VPN)
VPN stands for virtual private network. A VPN is software or app that you can download to all of your computers, phones, and even your WiFi enabled television to keep the information sent from these devices private. When devices are sharing an internet connection, like in a home for example, it is easy for anyone to see the contents of messages, what website you visited, and files sent. Although parents may not want their children to hide what they are doing online, many parents are working from home and need to keep their employer’s information private. A VPN subscription costs only a few dollars per month and can be shared with all devices in the home. We reviewed several VPNs. I use IPVanish VPN and one of your other authors uses PIA VPN for watching Netflix, but the VPNs listed below are all good quality.
What to Do if You Think Your Childs Information May Already Be at Risk
If you think that you received a phishing email or have somehow compromised your computer, then download an antivirus app right away. This will help start the process of cleaning up your phone or computer. Be wary of free antivirus apps or ones that you download from review websites as they can be malware themselves.
After you have cleaned up your computer and phone, and reconnected to the internet using secure WiFi, change ALL of your usernames and passwords. Don’t reuse passwords across multiple online accounts. Download a password manager that will generate hard to guess passwords that are unique for each online account.
How to Keep Online Schools Safe
- Do not set meetings or classrooms public
- Require a passcode or PIN to join any call
- Do not share Zoom conference links on public social media
- Restrict screen-sharing options so only the host can share thier screen during a video call
- Ensure users keep their conferencing apps up to date
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers