Unlike computer viruses and other malware that takes advantage of technical vulnerabilities, phishing exploits our all-too-human susceptibilities.
By Ripu Bajwa
In this age of technological advancements and innovations, it has become important not just for businesses but also for students to adapt themselves with the right information in order to keep their data safe. The rise in the number of school systems, providing 1:1 devices to teachers and students, often coincides with conversations with their IT staff regarding data privacy and security. Not surprisingly, phishing has always been a top concern for the most. Therefore, to steer clear of a phishing attack which may damage a personal identity or jeopardise critical information, mentioned below are a few lessons that will aid our next generation:
Unlike computer viruses and other malware that takes advantage of technical vulnerabilities, phishing exploits our all-too-human susceptibilities. Usually through email but also via social media, phone calls, and texts, phishing is designed to trick us into providing information or clicking on a false link. Spear-phishing attacks, which target specific people with messages that seem to come from an institution or someone they know, are on the rise. Another report states that there was a rise in the number of attacks in 2018 targeting district officials that succeeded in re-directing payments from legitimate suppliers to criminal accounts. Schools must be more proactive than ever to resist the rising tide of phishing attacks.
Layers of prevention and protection
Age-appropriate access and basic security practices go a long way in preventing phishing. Up-to-date patching, antivirus, anti-malware, and firewalls are the first line of defense. Nowadays, most browsers have built-in protection warning users about potentially risky emails and sites.
Teach your humans not to phish
It’s important to realise that technology alone will not protect against human error. Phishing works because humans can be fooled and manipulated to react, sometimes, for example, even ignoring and overriding warnings to blocked content. Luckily, schools can turn this human vulnerability into a powerful defense. Other than this, they can do it using something they already know quite a lot about: Education.
From click-happy to click-savvy
Schools can reduce susceptibility by making their community more aware of phishing threats and techniques. While some may characterise students as “click-happy,” many administrators and faculty also lack basic awareness and skills, such as looking at a browser toolbar to check the domain name. Simulating phishing attacks is a cost-effective way to assess the current state of knowledge—and raise awareness. Users that click through are shown what they missed. Rolled-up results provide schools with a benchmark, provide data to justify additional cybersecurity investments, and measure improvements over time. In addition to learning to recognise and avoid phishing attempts, students, faculty, and administrators can be empowered to act as a kind of “human firewall.” By encouraging rather-safe-than-sorry questioning and making it easy to report any kind of suspicious activity, IT can gain timely intelligence and reduce the risk of having to clean up difficult problems later.
Sharper hooks, smarter defenses
Phishing attacks are becoming much more sophisticated, as criminal organisations set ever sharper hooks. Like digital literacy, learning how to spot, avoid, and report phishing are skills that students will take with them beyond school, as part of being a good digital citizen.
The writer is director & general manager – Data Protection Solutions at Dell Technologies