Online safety and the ever changing nature of threats to IT security is as much about awareness as it is about anti-virus software – and teachers are as likely to bring down school networks as the students.
Ransomware, internet vigilantism, digital vandalism, crypto-currencies and privacy are some of the hot IT security topics for 2014. On the surface, these issues may not seem to have immediate relevance in an educational context. However, online security is no longer simply a matter of installing anti-virus software – protection is about understanding the interactions between devices, data and people.
Risks to school data
Educators are well advised to take every precaution against malware attacks – such as ransomware – because with data now at stake, the focus is as much on backup and disaster readiness as it is on the traditional defence mechanisms.
The emergence in 2013 of the particularly nasty CryptoLocker ransomware demonstrated just how effective some cyber criminal activity is. What would be the impact on your school of having all the student records held to ransom?
Ransomware could arrive at your school as an email – usually with an administrative subject line mentioning such things as reports or payroll – that have attached zip files containing infected pdfs with executable encryption malware. The subject lines look plausible but as soon as one of your teachers or admin staff clicks on it, it is game over. Ransomware works silently in the background until all your files are encrypted and locked. You then receive a message on your desktop demanding money within a certain time to unlock your files.
Protecting our schools and teachers
Lurking in the school environment is the potential for disgruntled students to carry out an online attack. What would happen if a student felt they had been wronged by the school and embarked on digital vandalism by hacking into the school network and disseminating confidential student or teacher information, or test preparations and results?
Around the world there are signs of an enthusiastic uptake of hacking skills by youngsters. Many of the world’s young hackers are now being fuelled by the emergence of “Bug Bounty” programs that allow them to earn money in their spare time by finding and reporting vulnerabilities on well-known websites and systems.
In the future, as the level of skill increases amongst these peer groups, combined with the bravado and satisfaction of impressing friends, it is entirely possible that schools will become a hacking target, as has already been the experience of so many other organisations.
Libellous, career-wrecking disparagement of teachers is bad enough as it spreads via social media but there are now other, more dangerous possibilities entering the fray.
Whether by a vindictive tech-savvy student or a cyber criminal, photos can be taken of a user with their own web camera. The victim’s photo is then used in a threat to report the user to legal authorities for fake crimes, using material such as child pornography that is uploaded by malware onto the victim’s computer as ‘evidence’.
Another risk to be aware of is the emergence of internet vigilantism. Shortly after the Boston Marathon bombing in the United States last year, a group of concerned internet citizens took matters into their own hands and started investigating potential suspects using social media search tools. Needless to say, some of their conclusions were totally incorrect but it demonstrated that people are starting to be motivated to take matters into their own hands.
Devices and more devices
The “internet of things” is fast becoming a reality in a world where connected devices pervade every part of our daily lives. You might have already seen examples in the form of wearable devices that help people keep fit by tracking their activity; Smart TVs that plug into a computer network; or even light-globes on WiFi networks that can change colour. And, very soon, we will see smart watches and cars join the list of connected devices. Some industry experts are predicting there will be as many as 200 billion connected devices by the year 2020.
School students will need new skills and levels of knowledge to be able to manage this array of devices – and perhaps to invent new ones.
On the darker side, with each new device comes a potential new weakness that we add to our fast growing communications networks. And there are the dangers of compromised devices that allow data breaches and other serious crimes to be committed.
Data is what is important – but do not forget the device
Devices are quickly becoming the tools we use to access our data, and nowadays there is a good chance that the data is living in the ‘cloud’ – meaning that it is easily accessible from multiple connected devices, regardless of your location. It is the data that we care about more than the devices themselves.
But our fleets of laptops, tablets and smartphones should not be forgotten. When it comes to protecting devices, the strongest advice continues to be to keep all applications and, importantly, the operating system software automatically updated. Every device should have the latest and most highly functioned internet security software installed – and always running. Make sure too that default passwords are changed to one selected by you. And, it is best to disable any extra features that are not being used.
Privacy – it is all about choice
How are we going to deal with all the new and invasive technologies as they impact on our privacy? What happens when more people start wearing gadgets such as Google Glass cameras that record everything they see, or your neighbour hovers their Quadcopter over your backyard? Students need to be made to feel confident that privacy is still a matter of personal choice.
Peer-to-peer technology, used to share music, movies and other content for free, is now being applied to money. Educators should be aware of the way crypto-currencies such as Bitcoin, Litecoin and Novacoin are starting to infiltrate our society. While these do not have the same ethical challenges as the pirating of music and movies, they are creating a brave new world.
As relative minnows in international finance, crypto-currency technologies are already challenging governments around the world as they are enormously complex, volatile and risky instruments, and inevitably taxation issues will arise. But the adventurous young are bringing them into the mainstream.
It might be worth looking into how the topic of crypto-currencies can be incorporated into lessons about financial systems and money. Tech savvy educators can replicate a crypto-currency in a school environment to teach students how the technology works as a tool for budding entrepreneurs; and how and where caution should be exercised.
At an operational level – protection, data storage and privacy
With resources usually stretched to capacity, schools are often at the edge in terms of their ability to comprehensively secure the data necessary for day-to-day operations, so pooling resources or using cloud-based providers will become a necessity.
However, storing data in the ‘cloud’ without due consideration is not only risky, but may also raise issues with
Australia’s new privacy reform legislation.
If possible, a school should always run two networks that never meet – one for staff and administration and the other for students and the school community – to reduce the exposure to inadvertent or deliberate infections. And all critical data must be automatically backed up in real time.
Educators already take privacy very seriously, and teachers need to also become familiar with any of the privacy principles that might apply to them.
Latest posts by Michael McKinnon (see all)
- How Secure Is The Cloud? - July 9, 2014
- Impact On Schools Of The Latest Threats To IT Security And Technology Trends - May 31, 2014