It’s ugly out there, people. Good security starts with you.

Avoid the hook.

Phishing. Don't take the bait. Our tips to stay safe online.

Staying secure in the modern world

Halfway through the 2021 academic year, we are still hearing of phishing attacks on schools at all levels throughout Aotearoa. There was a time when only the big global companies were targeted by these attacks. The recent attack on the Waikato DHB should be, and has been, a wake-up call for all organisations. One thing that strikes me when visiting schools is the lack of awareness posters up on the walls. Nothing in the staff room, nothing in the hallways, nothing in the learning spaces.

For me this is concerning. Most if not all schools have some form of Digital Citizenship programme they run for students. Part of being a good digital citizen is knowing how to keep safe online. Being able to identify a phishing email, and learning not to download an application from a random Internet site or click on links in instant messages, is central to this (ISTE standard 2B for students relates directly to this very point).

The risks that these types of attacks introduce can be broadly categorised into one of two buckets: ransomware, where all your files are encrypted and you cannot access them without paying the hijackers, and theft, where either your data is stolen to be sold on the dark web or you are tricked into paying phoney invoices.

Ransomware attacks are growing. Imagine being at the end of a school year, your students have worked hard all year on assignments, and suddenly they are no longer available for final grading or revision for external exams.  

Arguably worse than a ransomware attack is the theft of data. Schools hold a large amount of personally identifiable information (PII) about staff and students, from home addresses to medical information. All this information holds a value, whether for identity theft, online bullying or worse.

Being tricked into sending school funds to bad actors is still a very real risk, despite years of publicity around the tricks used. A request to purchase 100 iTunes cards, for example, or a request from the ‘principal’ to urgently pay the attached invoice, should set off alarm bells. The sad reality is it doesn’t always.

We live in an always-on world, connected across multiple online platforms. The ease with which we share content and connect to friends and colleagues has exploded in the last 5 years. Unfortunately, this connectedness allows attackers to understand the hierarchy at a school and the movements of staff, and to tailor their messaging accordingly. And because so many transactions are now done online, an email from your favourite online store offering a special deal is accepted with glee, not scepticism.

Awareness of how to identify a phishing or bogus email can reduce the chances of a user falling for it and introducing an external threat. Better still is awareness combined with ongoing training and assessment that is targeted to the whole school community. The cost to implement these steps starts at $0.

Ask yourself, what is the financial and reputational cost to do nothing and be compromised?  

written by our very own

Aaron Overington

Aaron is an IT management veteran with over 20 years' experience under his belt, but his passion for technology started even further back, in the early days of desktop computing with the ZX Spectrum, the Amiga and the BBC Micro.

Aaron is a key part of the Cyclone team and works as one of our Technical Account Managers; we simply know him as a trusted advisor and a safe pair of hands. Aaron takes the time to understand the demands and needs of NZ businesses and schools before developing tailored solutions.
