As school resumes for many students in Canada, health safety is understandably a serious concern. But cybersecurity should on your checklist before your students resume their studies too, either in school or remotely. Here are some items to consider as September quickly approaches:
Patching: It is vital to keep your computer fully patched to ensure everything is up to date. Important security updates are released on a regular basis, and missing even just one can potentially expose you to problems. Make sure your operating system (usually Windows or iOS) is on the latest version, and don’t forget to check your browser and other programs on your computer or laptop for updates. The same applies to your smartphone – check the operating system and applicable app store to get the latest and safest versions of all software. Depending on your device and system, you may even consider setting up automatic updates to make it more convenient to stay current.
New Phones, Computers, or Apps: Back to school may be a time to get a first laptop or replace an old phone. With any new equipment or program, be sure to change any default passwords and review the best practices for security settings. For apps in particular, the default settings are often more useful for the app developers than for you – make sure you review your profile or configuration to ensure you’re comfortable with what your sharing online. New devices, ironically, may require updates or patching, so don’t assume they’ll be ready to use right out of the box. Update to current versions and support levels before you start using the new gear. We have a great article on cyber hygiene for mobile devices that provides more detail.
Shared Devices: Not everyone can afford a new laptop or tablet, and will need to share devices with others in the home. Take measures to ensure that each user of a device has their own separate profile, you log out securely after each session, and you never share passwords. For Window computers in particular, set up individual user accounts (without administrator privileges) to reduce the risk of compromise. It’s easy to do – this article outlines how to share a single PC amongst several people safely.
Device Protection: It’s essential for you to have a current anti-virus/anti-malware product running on your system, and to ensure that it’s set to update automatically and scan regularly. Consider a personal firewall to provide added protection against external threats, or look at more extensive security software suites that provide content filtering, parental controls, and more. All that is on the software side; on the hardware side, consider getting a case to protect your new mobile device from damage, making sure to lock up and safeguard your equipment at all times, and enabling device tracking in the event that your gear is lost or stolen. And if you’re physically going back to school, it may be worth considering installing the new COVID-19 exposure tracking app as a health safety measure.
Cybersecurity Awareness: While it’s important to have your system set up properly and fully patched, remember that you are part of your devices’ cybersecurity defenses. Consider taking an online cybersecurity awareness quiz to evaluate your knowledge of best practices – many schools and universities offer these tutorials, often tailored to the specifics you’ll need to know about your school’s services and applications.
Phishing Awareness: A subset of cybersecurity awareness, the importance and prevalence of this issue demands its own section. Phishing is one of the leading methods of cyberattack and primary causes of data breaches. Many current email systems do a great job at filtering out most of the “noise” out there, but it only takes one misstep to expose your computer – and potentially your school – to ransomware attack or data theft. Always be careful before opening attachments or clicking on links in emails, especially if it’s something you weren’t expecting or from someone you don’t know. We have a more detailed article on phishing and social engineering that can act as a conversation starter about the importance of staying diligent.
Avoid Pirating and Jail-Breaking: Aside from being illegal, pirated or hacked versions of software can expose you to malware hiding in the code of the application you think you’re getting for free. Only use licensed software and apps downloaded from official app stores to avoid unpleasant “extras” when getting software through back channels. And jail-breaking systems to sidestep security or make unauthorized hacks or changes can expose you to malware and other unexpected problems with your devices. Play it safe and smart.
Passwords: Never reuse the same password across multiple systems or services – in the event that one gets hacked and your credentials are stolen, you don’t want hackers to be able to easily pivot and test your userid/password combination on other sites. Most sites and services now impose password complexity rules when subscribing, but don’t take shortcuts if they don’t. If you find it difficult to keep track of all of your passwords, consider using a password locker software application to store them securely across all your devices. More background on password usage is available in our password hygiene article.
Videoconferencing: Many of us have become accustomed to using videoconferencing applications for home study and group work. Different applications have different approaches for logging and meeting securely – make sure to review the best practices and personal settings for the software recommended by your school. Visit our videoconferencing best practices guide for a deeper dive on issues to consider.
Home Security: 2020 saw an explosion of remote work and study, and an increase in the number of smart home devices. Be sure to review our smart home cybersecurity primer to ensure that you’ve considered the hidden threats of these convenient tools, and to make sure your home network is safe and secure.
Public Wi-Fi: The Wi-Fi services provided by your school are a great convenience, but are susceptible to constant attack. Use the services for casual surfing or study, but never access personal or financial information over unsecured Wi-Fi networks. For more private online work, consider using the data plan on your mobile device, either directly or by enabling a personal hotspot on your smartphone. It’s more inconvenient, but can be much safer.
Data Backup: Your computer and mobile devices offer features to create backup copies to other devices, or to the cloud. Consider what you can afford to lose if your smartphone is stolen, or your laptop succumbs to a ransomware attack: frequent (and tested) backups to secure locations can save you a lot of headaches should the worst happen.
Social Media Savvy: Social media channels provide excellent ways of staying in touch, sharing ideas, and being entertained. But they offer just as many negatives, so proceed with caution. Always think before sharing – remember that once something is posted, it can be “forever” on the Internet. How might a future employer or friend interpret something that you’ve posted? If you have a falling out with a friend, how might your online confidences be turned against you? Always be careful about sharing personal or sensitive information about yourself or others, as they could fall into others’ hands without your knowledge. And if you or others encounter cyber bullying or inappropriate content online, speak to someone immediately.
Talk to Your School: If you follow all of these tips, you can feel more comfortable that you’ve done what you can to be cybersafe for the new school year. It may be interesting to discuss cybersecurity with your school to learn more about their resources, defenses, and incident preparedness plans in the event that the institution falls victim to a cyber attack. Unfortunately, universities (either directly, or through third party vendors to the schools) are becoming common targets for hackers. This can expose your personal information to theft, and compromise your studies and educational experience by limiting access to resources. Talk to your teachers or administrators to confirm what methods they will be using to communicate remotely with students, and how they are keeping these channels secure. The more you learn from your school, the more confidence you should get that they are taking cyber security just as seriously as you are.