TechTarget Article Explains an Increase in Cyber-Attacks

The shift to remote learning was already becoming common before COVID-19 completely changed the classroom norm. When kids are learning from home, technology becomes a pivotal part of everyone’s lives. Cybercriminals are thriving because of this new way of learning.  

Nelnet has a team of 30 plus people who are constantly looking into the security of our products. We are devoted to ensuring our products are secure at all times.  

Patricia Ellington, Nelnet Business Services IT  systems security manager, said that we are here to protect the confidentially, integrity, and availability of our partner’s data.  

“We have established protocol to monitor, alert, and protect data entrusted to us,” Ellington said. “The infrastructure is built to deliver reliable, redundant, and secure data traffic, both inbound and outbound.” 

TechTarget partners with SearchSecurity to educate people on security industry knowledge. Their purpose is to explore topics and best practices on issues like data security and strategies, threat detection, network security, and web security tools. TechTarget recently published an article about the increasing amount of cyber-attacks schools are experiencing.  

The article states that there are three main types of cyber-attacks. Those being: 

1. Ransomware 
2. Zoombombing 
3. Phishing 

Knowing the type of cyber-attacks allows the institutions to prioritize technical and non-technical controls including security awareness training for students, teachers, school administrators, staff, and even parents, Ellington said. 

Ransomware attacks are becoming more common because there is an increase of software availability. Cyber criminals take control over an institution’s software until the ransom is paid. During this time, the criminals can take any information, including student and parent financial data. The longer the ransom takes to resolve, the more information the cybercriminal obtains.  

The article noted a citywide ransom attack that forced Hartford Public Schools to postpone their first day of school. A software system that delivers real-time information on bus routes was impacted. The Hartford mayor said that more than 200 of the 300 computer serves were affected. 

Zoombombing is when an unwanted internet troll or hacker gets into a private video conference call. This type of attack causes disruption and damage. Check Point security engineer Maya Levine was referenced in the article in regards to Zoombombing. 

“Zoombombing is one type of attack we’ll likely see but it can be avoided pretty easily if teachers take advantage of and utilize the security features offered by the platform,” Levine said. “However, denial of service attacks will be incredibly disruptive to schools like the one recently in the Rialto district.” 

Phishing is when scammers use text messages or emails to trick an individual into giving out their personal information, described by the Federal Trade Commission. For example, a hacker could send out an email to employees that looks like the actual emails they receive from their institution. An employee may quickly open and respond to the phishing email without knowing how much harm they are doing. People lost $57 million to phishing schemes in one year, recorded by the FBI’s Internet Crime Complaint Center.  

The TechTarget article said the main thing needed to ensure quality security is some effort from the government to provide basic security. There were some basic steps for schools to take to reduce their attack surfaces noted in the article. Some of those were: 

• Security training for officials to prevent phishing attacks 
• Implementing better access control for remote learning tools and platforms 
• Parents can freeze their kid’s credit to prevent identity theft 
• Explore new devices or apps for additional security controls like a two-factor authentication that institutions may not have enabled by default 

The staff, teachers, students, and parents are the first line of defense and should be trained to recognize, avoid, and report any situation that can affect the safety of their or the school’s information, Ellington said. 

“Security awareness training should be provided periodically throughout the year to continually reinforce the lessons learned,” Ellington said. “It would be great if the school could incorporate several different training methodologies using something as simple as posters within the school, to using printed handbooks and professionally created on-line and in-person learning.”