As the academic year begins, cybercriminals ramp up their efforts to exploit students, faculty, and staff through targeted scams and social engineering. Rajiv Kohli from The College of William & Mary warns that these threats are increasingly sophisticated and timed to coincide with the return to school.
Emerging Scams
- Fake emails or texts impersonating faculty members.
- Messages inviting students to apply for research, register for parking, or pick up ID cards.
- Links that steal credentials and access sensitive data like billing and financial aid.
- Hackers may alter bank routing numbers to intercept tuition payments.
Social Engineering Focus
- Attackers exploit trust and social values rather than technical vulnerabilities.
- Students and staff are more vulnerable due to unfamiliar contact numbers and increased communication.
MSP Recommendations for Schools
AJ Thompson from Northdoor, an IT consulting company, outlines key strategies for Managed Service Providers (MSPs) to help schools combat these threats:
Top Threats
- Phishing & Social Engineering: Especially prevalent during the communication-heavy start of the school year.
- Wi-Fi Phishing: Tricking users into connecting to malicious networks.
- Ransomware: Targeting schools with weak backup strategies.
- Data Leakage: Risks from misconfigured cloud apps and endpoint devices.
Security Best Practices
- Unified Security Platforms: Simplify operations by consolidating tools.
- Endpoint Detection & Response (EDR): Real-time threat detection and policy enforcement.
- Email Security Enhancements:
- Real-time phishing and malware protection.
- Secure messaging and cloud email integration.
- Quarantine and warning modes.
- User feedback for reporting phishing attempts.
MSPs play a critical role in protecting educational institutions, especially those with limited internal IT resources. It is important to emphasize proactive, comprehensive cybersecurity strategies to safeguard sensitive data and maintain operational integrity.
Source: SmarterMSP