TASB Risk Management Fund
INSIDERM

You Better Watch Out! While You’re Celebrating the Holidays, Cybercriminals Are on the Job

December 18, 2018 Jessica Clark and David Wylie

With the holiday season in full swing, school districts should remain on high alert for cybercriminals looking to take advantage of the hustle and bustle. We recently saw a trend in phishing campaigns against Texas schools that resulted in significant financial loss. We encourage everyone to take extra precautions to avoid landing on Santa’s naughty list, or worse, falling victim to cyberattacks during the holidays.

Ho ho hold on before you click that link

Cybercriminals commonly pose as banks, retailers, and package-delivery services such as Amazon, USPS, and other legitimate organizations. Their goal is to trick you into clicking on a link that will infect your computer or steal your login information. Common emails include can’t-miss bargains, fake shipping confirmations, and notifications about fraudulent charges on your account. Avoid that lump of coal this holiday season by thinking twice before responding. Instead, search Google for reports that the email is a scam. You should also check out these tips for protecting yourself from phishing emails.

Protect district devices

If you’re taking your district-assigned device home, take extra care! School may be out for holiday break, but criminals are just getting started. Continue to report suspected cyber-attacks and lost or stolen devices immediately.

Practice good cyber-hygiene

Fake retail apps and websites designed to capture credit card information or infect computers are more common during the holidays. Do not use school-provided devices to make purchases from unfamiliar retail sites or apps. Before downloading apps onto your personal device, read the user reviews thoroughly. To minimize risk to your district, use your personal email address, not your school-provided email address, to create or log into accounts for personal purposes.

Avoid free Wi-Fi

Coffee shops, restaurants, and book stores are welcome pit stops where weary shoppers can relax and enjoy free Wi-Fi. Unfortunately, public places often maintain low-level network security that cybercriminals can hack. Keep in mind that any information you view or passwords you enter on public Wi-Fi are fair game to cybercriminals. Avoid logging into district accounts or connecting school computers to public Wi-Fi networks when possible. If this is unavoidable, then always use a Virtual Private Network (VPN) to secure the connection and protect your data.

Restrict privacy settings

Preserve data privacy and security by selecting the appropriate privacy settings for documents in public cloud-based services, such as Google Drive and Dropbox. Users and organizations often choose convenience over privacy by selecting “anonymous sharing,” which makes their sensitive information accessible to unintended parties. Never use anonymous sharing on documents that contain personally identifiable information (PII), and don’t be fooled by the false sense of privacy provided by the “anyone with the link” feature. This also applies to the easy-to-use “get shareable link” feature you’ll find on the context menu and simplified sharing dialog box. Finally, avoid granting access requests to Google documents from individuals you do not know. Criminals often get access to personal information or sensitive school documents by simply requesting access. 

Ready to test yourself?

If you’re worried about falling victim to common holiday scams, test your knowledge with this quiz.  

Tagged: "cyber security", cybersecurity, "data breach"