A safe return with Check Point

Tips to protect your children against cyber threats as they go back to school

Contents 1 Back-to-school tips to protect your kids from cyber threats 2 Back-to-school hacker interest is growing 3 Security gaps in e-learning technology 4 The threat is real 5 Tips for students 6 Tips for parents 7 Tips for schools

July and August mean back to school for millions of children as they prepare to return to class. However, this year, the start of the school year will be different, and many children will be attending school from home due to the pandemic.

As of August 18, according to Education Weekly, 20 of the 25 largest school districts in the United States have chosen remote learning as their only instructional model, reaching more than 4.3 million students. Schools in the Los Angeles Unified, San Diego Unified, Metropolitan Nashville, and Palm Beach County districts are among the largest districts that have committed to implementing remote learning in the fall. With over 13,000 public school systems in the United States alone, we can expect many other school districts to follow this trend to keep children and their families safe.

This has led parents to ask themselves some important questions:How do I keep my children safe while learning remotely? How do I protect my children from hackers and cyberbullying? Are technologies that enable remote learning really safe for my children?

Pirate interest in back to school is growing

Parents' concerns are entirely legitimate. Check Point researchers took a close look at data from the past three months to gauge hacker interest in the back-to-school season. They discovered that:

• Over 35,149 new domains were registered around the theme of back to school in the last 3 months, 512 of them were found to be malicious, and another 3,401 suspected
• The average number of suspicious domains per week at the time of the peak was 356, which far exceeds the traditional weekly average of 115 in previous weeks.
• The peak was reached in late July/early August, with weekly counts of back-to-school suspect domains increasing by almost 30% compared to weekly counts in June/July.
• The average number of malicious domains per week at the time of the peak (date of record) was 39, compared to a weekly average of 46 in the previous weeks.

Figure 1:Number of new domains registered for back-to-school by week for the last three months

Security vulnerabilities in e-learning technologies

During the first half of 2020, Check Point security researchers conducted an in-depth audit of learning management systems that enable online education. Some of the most popular systems use add-on software to WordPress called plugins. Check Point Research discovered security vulnerabilities in three of the most common WordPress learning management plugins:LearnPress, LearnDash and LifterLMS, proving that the fundamental technologies that enable online learning were vulnerable to hackers.

Although the security vulnerabilities have since been patched, Check Point researchers continue to warn the public against hackers' interest in remote back to school for children.

The threat is real

There are significant threats to the safety of children returning to school:

– Zoomombing is when an uninvited person joins a Zoom meeting to have fun at the expense of the participants. These intruders often use racial slurs or profanity, or display offensive images. A San Diego-area school district recently experienced a Zoombombing incident in which a person with the username "Dee Znuts" wore a ski mask and red sweatshirt during the meeting and made several signs of the hand. These incidents can traumatize children.

– cyberbullying is using electronic communications to send, post, or share harmful, false, or mean content about someone else. It can also include sharing personal or private information to cause embarrassment. Cyberbullying often takes place on the most popular social media apps. The Cyberbullying Research Center reports that 37% of young people between the ages of 12 and 17 have been bullied online, and 30% of them have experienced it more than once. Cyberbullying can impact a child's well-being.

– In 2019, over 1,000 schools in the United States were affected by ransomware , which is a type of malware designed to block access to a computer system or computer files until a sum of money is paid. Most ransomware variants encrypt files on the affected computer, making them inaccessible, and demand a ransom payment to restore access. Ransomware is often delivered via an email that looks legitimate, tricking someone into clicking a link or downloading an attachment that contains malware.

– Phishing is an attempt to obtain sensitive information or data, such as passwords and credit card details, by disguising itself as a trustworthy entity in an electronic communication.

Back-to-school safety tips

Given all the security risks, how can students, parents, and schools best protect themselves? Check Point offers the following security tips for each:

Tips for students

1. Cover your webcam. Turn off or block cameras and microphones when you're not in class. Also make sure that no personal information is in the camera's field of view.
2. Only click on links from trusted sources. When you are in your school's remote collaboration platform, only click on the links provided by the host or co-hosts, when asked to do so
3. Connect directly. Always be sure to log in directly to your school's portal; don't rely on links in emails and be aware of domains that might look like your institution's.
4. Use strong passwords. Hackers often try to figure out passwords, especially those that are short and simple. Adding a complexity level to your password helps prevent this.
5. Never share confidential information. Students should never have to share confidential information through online tools. They must keep all personal information off cloud storage platforms.

Advice for parents

1. Tell your kids about phishing. Teach your children never to click on links in e-mail messages before they have consulted you.
2. Identify cyberbullying. Explain to your children that hurtful comments or pranks online are not acceptable. Tell them to come see you immediately if they are cyberbullied or witness cyberbullying.
3. Explain that devices should never be left unattended. Your children will need to understand that leaving a device in unwanted hands can be harmful. Hackers can connect to your devices by impersonating your child online.
4. Set parental controls. Configure the privacy and security settings of websites to the level that suits you for sharing information.
5. Keep raising awareness. Mastering cybersecurity is an important skill, even for the youngest school children. Invest the time, money, and resources necessary to ensure your child is aware of cybersecurity threats and precautions.

Tips for schools

1. Get anti-virus software. By ensuring that children's laptops and other devices are protected with antivirus software, you will prevent them from accidentally downloading malware. Enable automatic updates for this antivirus software.
2. Establish a strong online perimeter. Schools should implement strong firewalls and Internet gateways to protect school networks from cyberattacks, unauthorized access, and malicious content.
3. Check third-party providers thoroughly . Schools should ensure that they thoroughly vet any third-party platform providers they use.
4. Monitor the system at all times. Schools should continuously monitor all of their systems and scan them for unusual activity that could indicate an attack.
5. Invest in online cybersecurity training. Ensure that staff members understand the risks. Organize regular sessions for students so that they are aware of the latest cybersecurity threats.

Source:Check Point Software Technologies Ltd