12 Cybersecurity Tips For Students At Home And In School

contributed by Nordpass

This is a sponsored post

Amidst the pandemic, remote schooling has turned to digital tools to engage students and keep the ball rolling. 

Edtech tools allow educators and tech service providers alike to collect sensitive student data, jeopardizing students’ privacy and personal security. This suggests we consider our particular usage, vulnerabilities, and opportunities for secure online participation for students in school and at home.

Education Apps Are Selling Student Information

Researchers from the International Digital Accountability Council found that 79 out of 123 tested apps were sharing data with third parties. The data included names, email addresses, and location data. 

More than 140 third-party companies are receiving data from edtech apps. For example, the app Shaw Academy, which enjoyed an eightfold increase since the COVID-19 lockdown, was found to be selling users’ location data and personal identifiers to the marketing firm WebEngage.  

Here are eight ways teachers can take to protect their students and themselves. 

12 Cybersecurity Tips For Students At Home And In School

1. Secure your social media 

Instagram, Twitter, and Facebook let you update parents and students in a fun and engaging way. However, to continue safely, you’ll need to review the privacy settings of each account to protect the privacy rights of your students. Know who can see what and which platform is sharing what data and with whom. A few examples:

Twitter: Set your classroom Twitter account to ‘protected’ so that only people you follow can see your tweets. 

Facebook: Make the account ‘Visible to friends only’ in the privacy control settings.  

Blur the faces of students: Unless you have prior permission to use their images in your posts, you could be violating the privacy rights of students and parents. Use a free app to blur your students’ faces and any other information that might reveal their identity. 

2. Use apps, tools, and websites that encrypt data

Encryption secures and protects any data you send online from hackers, network snoopers, and third parties. 

Use encrypted websites: Use only websites with ‘https‘ in their URL and a padlock icon next to it. The ‘s’ stands for ‘secure’ (encrypted), which means that any data leaked or obtained by unauthorized parties is unusable. 

Check the privacy policy of apps: iOS apps enforce all users to communicate through https, but the same cannot be guaranteed for Android apps. It’s best to either check the privacy policy of each tool or inspect the website for an official stamp from a data protection organization. 

Classtime, for instance, has signed the California Student Privacy Alliance agreement. If an app or website is covered by COPPA (Children’s Online Privacy Protection Act), strict data security measures will already be in place.

3. Have a recovery plan

Informing parents: Mistakes happen. You might have accidentally captured a student’s name or address in a photo you’ve posted on social media, or there might be a widespread breach of personal or sensitive information. Let the parents know whether they’ll be informed by post or email and who will do so: will it be someone from the IT department or other senior member of staff? 

What’s the plan? Provide a clear breakdown of the steps that will be taken if a data breach ever occurs. Will students be enrolled into an identity theft service? Will you assist students in securing their accounts and resetting their passwords in the aftermath (see step 5)? In the event of a company data breach, the school, district, or student can request to have their data deleted from the company’s servers. Various kinds of privacy breaches will require different solutions.     

4. Use a VPN

For all education-related tasks: Access to the institution’s network should require a private VPN connection. It encrypts and thereby protects your students’ internet traffic from interceptors who may want to steal passwords. Surfshark is one example of a VPN you might consider.

On public Wi-Fi: Public Wi-Fi is unsecured, which makes it a hotbed for hackers. A VPN secures public Wi-Fi by encrypting your connection. This enables remote students to work from coffee shops, home, or in their dorm room without worrying about hackers intercepting their data.      

5. Use strong and unique passwords

Use a password manager: There are millions of stolen usernames and passwords sold by cybercriminals on the dark web. Weak passwords can be guessed or cracked in milliseconds, exposing your students’ sensitive data. A password manager is an app that generates uncrackable passwords and auto-fills them whenever you need them. Many password keepers will store any credentials in an encrypted vault, which only you can access.

How To Create A Secure Password

Advise students to create passwords that are long, complex, and mixed. Namely, they should be at least 8 characters long, have a mix of letters, numbers, and special characters, and be as nonsensical as possible. In a brute-force attack, hackers try combinations of millions of dictionary words and numbers per second until one gets them in.    

6. Be vigilant regarding phishing scams

Schools and universities as targets: Student databases are a goldmine of personal student information. A phishing scam relies on a staff member being tricked into replying or clicking on a link in a bogus email or text message to spread malware, steal credentials, or worse. Cybercriminals have used student emails to apply for fraudulent loans, steal identities, and infect entire networks, crashing them completely.   

Prevention: You can usually detect a phishing email scam by reading the sender’s address. For example, the California Student Aid Commission’s website URL www.csac.ca.gov might show as www.csac.ca.com, and most of us would be none the wiser. To be on the safe side, ask students to send a separate email to the authority in question and to never click on links in COVID-19-themed emails. Vigilance is key.       

7. Know the terms and conditions

When you join a website, sign up for a social media account, download an app–or even use an app you already own–be aware of the terms and conditions you agree to by downloading and/or using that app. An app you use to scan your face, for example, could share that data combined with name, browsing history, contact information, and more to represent a significant security risk for you in the future.

8. Don’t share personal information

This one is fairly obvious but it bears repeating: Don’t share personal information–or at least be aware of exactly who might read (or ultimately ‘find out’) about what. It doesn’t take much of an information breach–an email address with a weak password or your full name and address–to enable someone willing to use a little deductive reasoning and internet search skills to create a threat to your identity, financial security, and more.

This also means that it’s unsafe to share accounts with friends–a Netflix account, for example.

Other Data Security Tips For Students And Schools

9. Update apps and device operating systems

10. Keep (secure) backups of important files or databases

11. Don’t use unsecured WiFi sources

12. Know your context and ‘networks’ (physical and digital)

For example, students: Know your specific risks and vulnerabilities (based on your usage, age, career goals, etc.) Schools: train staff on school and district policy.

Conclusion

Securing your personal information against cyber theft begins with having strong passwords. It’s a simple piece of starting advice any teacher can bestow upon their students. Try an encrypted password manager app.