While most college students have grown up using internet-enabled devices, it doesn’t necessarily follow that they are savvy and careful about online safety.
With the explosion of the internet of things, there are now more connected devices than there are people in the world, which provides an exponentially growing opportunity for cybercriminals to steal, disrupt and exploit.
I’d argue that instruction on good security practice is essential for all end users – that’s staff and students. They need to be able to spot dodgy websites, iffy emails and other common attacks. For colleges, it’s about extending the scope of student care to enable their learners to live an easier and safer life.
Reducing cybercrime risk
Reducing risk in this context is about making your environment as unattractive as possible to criminals. In the physical world, if your house is the only one in the street surrounded by a high fence, with anti-climb paint on the drainpipes and prickly shrubs under every window, burglars will probably look for an easier target.
The same principle applies to online property. If you protect your accounts – particularly email – your privacy and your devices as best you can. Your attack surface is then minimised – a bit like a stealth bomber.
These aircraft are designed to have a very small area visible to radar. If you can minimise that radar blip and look like a seagull, nobody is going to pay much attention – but a massive plane is a different thing altogether.
What more can colleges do?
In my view, the more that organisations can do automatically to protect end-users, the better.
Let’s take the machines owned by FE institutions: they should be covered by advanced versions of anti-virus and anti-malware and probably a web filtering service, which takes out some illegal material. If you don’t use web filtering, you’re potentially leaving yourself open to reputational damage. Email content filtering will pick up some spam and a few of them will pick up phishing attempts, too.
Something that adds a complication is that students are often using their own devices, which may not be as secure as those owned by the college. Many institutions will have deals with software providers for student to use on their own devices for discounted rates – and that’s a good idea.
Institutions need to be advising students on appropriate protection methods and putting that in a code of use and their security policies. If people are going to use your systems, they have to adhere to the rules, and ignorance is not an excuse.
Seven steps to staying safe online:
- Suss out suspicious apps – Why, for example, would a calculator app be asking to access your phone’s camera? It doesn’t need to, so it probably has an ulterior spying motive. Apply common sense.
- Avoid the phisherman’s hook – One of the recent scams that first-year students are subjected to is an email telling them they’ve won a bursary and all they need to do to get it is to hand over their bank account details. The rule is, if it seems too good to be true then it probably is.
- Take care what you click – If you receive an unsolicited email from someone you don’t know, or a strange email from someone you do know that contains a puzzling attachment or a link, it’s best avoided – it could be a virus, or a spoof website.
- Resist temptation – Students are often targeted to use as mules to launder money. It sounds great – hand over your bank details and you get £50 a week, no questions asked – but you’d be breaking the law by allowing someone to use your account for illicit purposes.
- Beef-up passwords – Use a separate password for your email account that, if breached, can often provide access to many of your other online accounts. A solid password is one that comprises a short phrase of at least three words, plus numbers and other characters. Avoid using obvious passwords such as children’s or pets’ names, which criminals may be able to guess after looking at your social media accounts – so be careful what you post. It’s best never to repeat a password. So you don’t have to remember them all, use an online password safe, which will store them all securely.
- Keep computers healthy – Install anti-virus software (a free package is better than nothing), back-up regularly and update software when prompted to do as they often contain security patches.
- Preserve privacy – Be very careful of communicating personal or sensitive information when using public computers, or a public wi-fi network, which are vulnerable to hackers. Your name and address maybe all that’s required to steal your identity, for example. Be similarly wary what you post on social media and check your accounts’ privacy settings to limit who can see what. Ideally, use a virtual private network (VPN), which uses data encryption to hide internet activity.
Digital skills, capabilities and student experience are just a few themes at this year’s Digifest, Jisc’s annual event that aims to inform, inspire and prepare FE and HE professionals for the digital challenges ahead. Keep up with the conversation today, tomorrow, and ahead by following #Digifest18.
Nelson Ody is security services manager at Jisc, a membership organisation that provides digital solutions for UK education and research