Speakers
Notable Passages from The Team During the Webcast
Cyber Bullying
“What we’ve seen with the lock down, COVID-19 and the move to online teaching and a lot of online communication between the students and teachers, is that there has been a significant rise in cyber bullying. It was recently made a specific criminal offense in the UK, and we’ve not yet seen many schools looking to address the criminal aspect of cyber bullying. A question to ask yourself is, has your school reviewed your policies and procedures and ensured it’s been updated to reflect that specific criminal complaint.” – Andrew Beckett
“For an investigation, we need to know how you’re storing those logs and how long were they stored for. Quite often we go into environments where logs may be enabled but they may only be enabled because they were turned on by default and are therefore set to default settings. Quite often these can be anywhere from 30, 60, 90 days which is fine, but if you want to investigate beyond that how can you do it without the data. Do you have enough data to answer any questions during an incident or an alleged incident? – James Thoburn
Fraud
“It’s fair to say that COVID-19 has presented the criminal fraternity with an effective cornucopia of victims for all kinds of fraud and cyber-attacks. What we’ve learned very quickly is that organized crime, in particular the broader criminal fraternity, have been very quick to adapt their attacks that they use day in and day out to attack organizations and individuals using the latest disaster or incident. A lot of attacks during this pandemic have been fake emails from scammers pretending to be the latest information update from the government and HM Revenue and Customs, both inviting you to supply your personal information and bank details. – Andrew Beckett
“What you can do it make it harder for a business email compromise attack is to enable a multi-factor authentication protocol. This will stem the attack to a large degree. What’s being targeted here is the human, trying to put pressure on the person to perform an action. If we put in steps to verify financial transactions, just by putting in an extra bumper, it gives the individual a chance to tally up and make sure everything makes sense. They might imply a sense of urgency or make you comfortable—the attacker is relying on you not to check over the details. – James Thoburn
Denial-of-service and Ransomware Attacks
“It’s very lucrative for the attackers mounting a cyberattack and whilst the education sector doesn’t pay as well as healthcare at the moment, which is where we’ve seen the most significant rise in attacks, the move to online schooling has meant that schools are particularly susceptible to it and it has indeed made an impact quite quickly. There have been cases, more so in the U.S. where these attacks have actually been made by pupils who now have more time on their hands. – Andrew Beckett
“When you look at the different platforms schools are using for online learning, they give you a variety of security controls you can configure. One of them is as simple as having a different password for the teacher and a completely different password for the students. Definitely set a meeting password. Unfortunately, we’ve seen in some instances where individuals have logged onto online school lessons and done things that are very unsavory. Look at your security controls, making sure you update them, your software and your policies. – James Thoburn
Security of Online Classes
“It’s very much a case of look out for what patches have been released for the products you’re using. Make sure they’re applied to address all of those vulnerabilities that have bee identified and keep yourselves as secure as possible. Ensure you keep your back ups offline so that they can’t be encrypted or effected. As with all of this and all the attacks we’ve been talking about, there are very simple solutions that senior management can talk through and IT teams can deliver to make it less likely the victim of an attack. – Andrew Beckett
“A popular video conferencing app has become such a prolific attack surface so it’s crucial that you keep up to date with the security bulletins that your service providers are pushing out to you. It’s your responsibility to act on it. We’ve seen that meetings that were supposed to be internal have been accessible by external parties by virtue of the security controls not being correct. We have seen so many cases over the last six months and before that where a particular vendor’s patch was actually published last year but so many organizations didn’t take any notice and didn’t take action. They’re now suffering the consequences. We’ve seen daily inbound issues relating back to that particular VPN. – James Thoburn
