How to Protect Yourself from Email Phishing and Other Cyber Attacks
Education Was the Third Most-Breached Sector in 2014
Whether you’re starting a new job or still catching up on emails from over the holidays, the start of the New Year provides the perfect opportunity for those of us working in education to better safeguard our digital activities.
Did you know that, according to Symantec, the education sector was the third-largest sector to experience data breaches in 2014, with 31 total breaches? (The largest was healthcare, with 116 breaches.) Unfortunately, most online data breaches are a result of human error.
Take, for example, the case of one school district employee who mistakenly clicked on a phishing link in an email, putting the private information of hundreds of employees at risk. Or the university employee who opened an email attachment containing malware and exposed tens of thousands of patients’ personal information, including social security numbers.
Cyber attacks and data breaches occur through many different vehicles. However, since email is one of the main ways we communicate and exchange information, it has become one of the primary attack methods used by cyber criminals. So, what can we do to protect ourselves?
Figure: Top 5 Sectors Breached by Number of Incidents. Education was the third most-breached sector in 2014.
Learn to identify phishing emails (versus spam):
- Spam: Unsolicited emails that are usually trying to sell you something. They do not include attempts to acquire sensitive information.
- Phishing: Emails that ask you to provide personal/financial information, or to click on a link or open an attachment in order to infect your machine with viruses and malware. They usually create a sense of urgency and demand that you take immediate action. The objective is to steal valuable information.
- Spear Phishing: Targeted phishing emails that appear to come from an individual or business you know. Oftentimes, the greeting, subject line and content of the email have a familiar tone and contain personal information the attackers pulled from your social networking accounts. The idea is to gain your trust so you’ll give them the information they request.
“I don’t think there’s a school district in America that doesn’t have important digital assets sitting on a computer somewhere that needs to be protected.”
Executive Director, National Cybersecurity Alliance
Always double-check the sender’s email address and any link they’re asking you to click by hovering your cursor over it to see where it really points. Spelling and/or grammatical errors throughout the email are also a red flag.
If you receive a phishing email or are unsure whether an email request is legitimate, contact your information security team and forward them the suspicious email as an attachment so they can determine its legitimacy. If the suspicious email appears to come from someone you know (a friend, or your bank), call them to verify they did in fact send the email. Keep in mind that legitimate businesses typically won’t ask for personal information such as passwords and usernames via email. When in doubt, simply delete the email.
To avoid becoming the target of a phishing attack, it’s also good practice to:
- Limit the amount of personal information you post on social networking sites.
- Use complex passwords (including letters, numbers, and special characters) when setting up online accounts, and change them frequently.
- Keep your computer software up-to-date.
Visit the U.S. Department of Homeland Security’s “Stop.Think.Connect” online toolkit for cybersecurity tips tailored for students, parents and educators. For more information on how to avoid being a victim of phishing attacks, visit the National Cyber Security Alliance’s “Stay Safe Online” site. If you or your school or organization believe you’ve been the victim of a cyber attack, you can also report it to the Federal Bureau of Investigation’s Internet Crime Complaint Center.