TASB buildings are temporarily closed. Staff members are working remotely and are available by email or phone.

TASB Risk Management Fund

You Better Watch Out! While You're Celebrating the Holidays, Cybercriminals Are on the Job

November 22, 2019 Jessica Clark, David Wylie, and Lucas Anderson

With the holiday season in full swing, school districts should remain on high alert for cybercriminals looking to take advantage of the hustle and bustle. We encourage everyone to take extra precautions to avoid landing on Santa’s naughty list, or worse, falling victim to cyberattacks during the holidays.

Ho ho hold on before you click that link

Cybercriminals commonly pose as banks, retailers, and package-delivery services such as Amazon, USPS, and other legitimate organizations. Their goal is to trick you into clicking on a link that will infect your computer or steal your login information. Common emails include can’t-miss bargains, fake shipping confirmations, and notifications about fraudulent charges on your account. Avoid that lump of coal this holiday season by thinking twice before responding. Instead, search Google for reports that the email is a scam. You should also check out these tips for protecting yourself from phishing emails.

We “vish” you a merry…

You better watch out! The incoming call you are receiving may be coming from a grinch! Hackers don’t only use sophisticated phishing emails during the holiday season. Voice phishing, also known as ‘vishing’, comes via unsolicited phone calls. These types of attacks increase during the holiday season as so many online purchases and expedited deliveries are in motion. Attackers may call and masquerade as a delivery service, an online vendor, or your financial institution. They might request that you confirm your credit card number, your account name and login, or other personal information to ensure that your holiday purchase arrives on time. Be wary of any unsolicited calls and think twice before providing any personal information to a stranger on the phone!

Protect district devices

If you’re taking your district-assigned device home, take extra care! School may be out for holiday break, but criminals are just getting started. Continue to report suspected cyber-attacks and lost or stolen devices immediately.

Practice good cyber-hygiene

Fake retail apps and websites designed to capture credit card information or infect computers are more common during the holidays. Do not use school-provided devices to make purchases from unfamiliar retail sites or apps. Before downloading apps onto your personal device, read the user reviews thoroughly. To minimize risk to your district, use your personal email address, not your school-provided email address, to create or log into accounts for personal purposes.

Avoid free Wi-Fi

Coffee shops, restaurants, and book stores are welcome pit stops where weary shoppers can relax and enjoy free Wi-Fi. Unfortunately, public places often maintain low-level network security that cybercriminals can hack. Keep in mind that any information you view or passwords you enter on public Wi-Fi are fair game to cybercriminals. Avoid logging into district accounts or connecting school computers to public Wi-Fi networks when possible. If this is unavoidable, then always use a Virtual Private Network (VPN) to secure the connection and protect your data.

Restrict privacy settings

Preserve data privacy and security by selecting the appropriate privacy settings for documents in public cloud-based services, such as Google Drive and Dropbox. Users and organizations often choose convenience over privacy by selecting “anonymous sharing,” which makes their sensitive information accessible to unintended parties. Never use anonymous sharing on documents that contain personally identifiable information (PII), and don’t be fooled by the false sense of privacy provided by the “anyone with the link” feature. This also applies to the easy-to-use “get shareable link” feature you’ll find on the context menu and simplified sharing dialog box. Finally, avoid granting access requests to Google documents from individuals you do not know. Criminals often get access to personal information or sensitive school documents by simply requesting access. 

Ready to test yourself?

If you’re worried about falling victim to common holiday scams, test your knowledge with this quiz.  

Editor's note: This article was originally published in December 2018 and has been updated for accuracy and comprehensiveness.

Tagged: "cyber security", cybersecurity, "data breach"