The majority of what makes back-to-school time fun has disappeared this year as a result of the Covid-19 pandemic.
Many states, including California have decided to forego in-person learning in counties with rising Covid-19 infection rates. Based on the July statistics, this accounts for roughly 90% of California’s school-age students. Minnesota announced an unexpected pivot to remote learning after teachers and families alike expressed their concerns about in-person learning in the middle of an outbreak.
While several states and school districts are taking a more business as usual approach to in-person learning, the virus’s ability to spread rapidly in short periods of time, coupled with the high infection rates in states like Florida (9000 confirmed cases in students within two weeks of reopening) point to more classrooms transitioning to remote-only learning.
Given the massive upheaval caused by millions of families transforming their homes into dual-use offices and classrooms, it’s unsurprising that cybersecurity precautions have largely fallen by the wayside.
Pre-pandemic, few schools had the resources to commit to effective cybersecurity and were common targets of malware and phishing campaigns, with over 936 reported incidents targeting K-12 schools since January 2016. Since the pandemic began and remote learning became more common, the risks have increased.
An FBI Private Industry Notification issued in June warned of the likely increased “targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning,” citing “limited resources to dedicate to network defense.”
Many students use devices also used by their parents for work, which creates exponential issues.
Businesses large and small still struggle to fill the cybersecurity skills gap, and that’s been the case for several years; a May 2020 study found that over 76 percent of the cybersecurity leaders they talked to reported a dearth of skilled applicants. The transition to remote work during the pandemic has also led to a spike in phishing attacks and business email compromise scams targeting workers.
The number of factors introduced by the pandemic has created many vulnerabilities for hackers to exploit, and a massive increase in the attackable surface for families, businesses, and schools alike.
In addition to the threat of a data breach or leak, the potential for disruptions have increased. A widely covered three-hour Zoom outage, for instance, brought many remote-learning schools and offices to a standstill until service could be restored.
Fortunately, there are steps you can take to protect your family and your work colleagues from cybersecurity problems.
Protecting Your Children’s Cybersecurty at Home
Children have often been a preferred target for hackers and scammers, and according to Levin, in the midst of a routine-disrupting pandemic, they are more vulnerable than ever.
As more kids use their home devices for school, entertainment, and communication with their peers, the risk of downloaded malware, unsecured data, and/or vulnerable applications increases. Follow these steps to keep them safe:
Teach your children about cyber hygiene
“Your kids know about general hygiene and dental hygiene, but they may not know the best ways to avoid a phishing email or text, and they may not understand the ever present danger of getting hacked or having a device frozen because of malware,” says Levin.
Teaching children about the potential dangers facing them online as a pre-condition to being able to use their devices could go a long way toward protecting them.
“Get your kids involved so they can develop their scam radar, and better internet habits, suggests the Federal Trade Commission website, which says parents should be on the lookout for “teachable moments.”
“[I]f you get a phishing message, show it to your kids. A demonstration can help them recognize a potential phishing scam and help them understand that messages on the internet aren’t always what they seem.”
Parents should also discuss the importance of using strong passwords, and consider getting an account with a password manager if their children are unable to remember the information to log in to multiple accounts.
Put parental controls on devices used for entertainment
Social distancing measures and widespread closures means more screen time for families. Children are using laptops, tablets, and smartphones for entertainment purposes more than ever. The threats posed to children are widespread.
Seemingly innocuous apps installed on devices could be tracking children’s online activity, collecting data on them. Despite the passage of COPPA (Children’s Online Privacy Protection Act) in 2000, compliance among app developers has been spotty at best.
A recent study of 6,000 Android apps found that nearly 50 percent of games marketed to children were in violation of children’s privacy laws. The wildly popular TikTok app, recently singled out by the Trump administration for alleged ties to the Chinese government, was fined over $5.7 million for violating children’s privacy.
The potential hazards aren’t just limited to gaming apps. With movie theaters shuttered and friends’ houses off limits, more children are watching more shows and movies online.
Disney’s streaming service Disney+ launched shortly before the Covid-19 pandemic began, garnered 50 million subscribers in five months. Record demand has spurred a corresponding increase in pirated content. One piracy tracking firm saw a 43 percent increase in pirated movies between late February and late March 2020 alone.
Pirated content often comes bundled with malware that can infect not just a child’s device, but other devices connected to the same network.
“Unfortunately, if your children stream illegal content online... it can expose them and you to cyber threats, disturbing pop-ups and unexpected harmful content. The risks typically associated with digital piracy can take place on dodgy websites... but they can also occur through any number of illegitimate apps on mobiles, tablets or smart TVs,” warns internetmatters.org, a non-profit organization dedicated to children’s online safety.
While there’s no failsafe means of completely protecting children’s devices, it is possible to set parental restrictions on app-store purchases and to block the ability to install new software, including the kind that is used to download the torrent files for pirated content.
It is crucial to educate children about the potential threats connected to the installation of an app or pirated software.
Keep devices updated
Devices used by children for remote learning are also at risk for malware infections from outdated or unsafe versions of software. This is especially the case for video conferencing apps like Zoom, which has released several security upgrades since the early days of the pandemic exposed several major vulnerabilities. Web browsers are also regularly targeted by hackers, and need to be updated.
Check the device your child uses for remote learning at least once a week and make sure that all of the software is updated to the latest version and that there aren’t any signs of suspicious activity.
Protecting Your Cybersecurity When Children Are At Home
While there are risks associated with remote work, the odds of a malware attack increase when more family members use the same device, especially children.
“The malicious code children collect on their way to something you’ve never heard of can hijack your computer for all kinds of purposes. There are click-harvesting scams. There are stealth programs that will turn your machine into a spambot. There’s malware that looks OK to your anti-virus program, but is actually recording every keystroke, most particularly when you log into your bank account,” warns Levin.
The best overall strategy is to keep your work device and network as separate as possible from devices that your child has access to.
Here are steps you can take to increase your security:
Set up a guest WiFi network for your kids
“A guest WiFi network is essentially a separate access point on your router,” says Levin. By creating a silo between the internet connection you use for work and the one your child uses to connect to their school and other activities, you’re limiting some of the potential damage that can be done when a malware-infected device is connected to the network.
When you’re setting up the guest WiFi network, be sure the password on your router isn’t the default one that came with it. Make it long and strong.
Set up separate devices and accounts for your children
The threats posed by shady apps, poorly secured school software, and careless behavior multiply when the whole family is using the same device for work, school, and entertainment.
"If you can afford it, have your kids use a different device," says Levin. "This way, if their device gets contaminated, your tax return and your bank information doesn't go up in smoke or end up in a ransomed file."
If there’s only one device in the house, try setting up guest accounts on the family computer for your children, which allow the guest users to use the device without giving access to your files or the ability to change system settings.
While this is not failsafe and the configuration steps vary based on the device operating system, it adds a layer of cyber separation between you and your child.
Use security software and back up your data
Whether you live alone or have a dozen children attending school remotely in your home, backups are always a good idea.
Install security software, especially anti-virus software, and make sure it regularly and automatically updates to protect against the latest threats.
Find a backup solution for your files that helps secure them and gives you the ability to restore your data in the event of a malware infection or a spilled sippy cup that renders your work device unusable. In other words, if you plan for surprises this back-to-school season, you will be in better shape.