When news broke out last week that over 2,000 Bethlehem Central students’ data had been digitally breached by unknown hackers, a natural response is to take cybersecurity more seriously moving forward.
The breached data affected students’ names, birth dates and email addresses as Bethlehem Central was among 13,000 other districts across several states that were also hit.
AIMSweb – a student assessment tool under Pearson Education, Inc. that BC had used up to June 2017 – had originally been breached in November 2018. Pearson discovered this in March 2019 before beginning to inform affected districts in July. Pearson finally informed BC within the past three weeks.
The number of hackers, their identities and motives remain unknown in the meantime. However, several cybersecurity experts and organizations throughout the Capital District offered their perspectives on the matter.
“It’s not always a case where hackers are looking for money from an individual or institution,” wrote Joshua S. Koons, the director of New Business Development at the Saratoga Springs-based Tech II Business Services, Inc. in an email. “In many cases, [they] are looking for that information to sell off in bulk to others. From there, it could just be used for marketing purposes but could potentially be more severe, depending on the detail of the information.”
Victoria Kisekka, an assistant professor in information security and digital forensics at the University at Albany’s School of Business, said, “The importance of cybersecurity isn’t new but the reason is more important lately because cybercrime threatens nearly every aspect of our lives since almost every aspect of our lives is electronic. Essentially, you need to protect your information and devices from theft, misuse, damage and service disruption.”
She said that if people are not too careful with their personal information online, they may be more vulnerable to being a victim of tax fraud, identity theft, having fraudulent bank accounts opened by a hacker and more.
The East Greenbush-based Center for Internet Security (CIS) provided a webpage called “Online Safety and Cybersecurity Tips for K-12 Kids, Family and Friends” earlier this month where it gave examples of cybersecurity risks for children and families like cyberbullying, identity theft or phishing, sexting and shady interactions on social media platforms.
It also encouraged parents to start discussing the importance of cybersecurity with their children at an early age, as soon as children begin having access to a computing or electronic device. Parents should also be aware of what their children are doing online, especially when they are much younger, and to foster an honest and welcoming environment where children can feel comfortable coming to their parents with questions about their online experience.
For more information, visit www.cisecurity.org/newsletter/cybersecurity-tips-for-k-12-kids-family-and-friends.
“In every environment, the end user is always going to be the biggest vulnerability,” Koons similarly echoed the above sentiment. “Education on even the smallest scale should start the first time a child is allowed to turn on a device.”
Both Koons and Kisekka agreed that people should embrace multi-authentication, where an organization would need more than one way to authenticate you before using its services. It would ask you to verify your email address and phone number, for example, as opposed to just needing one password.
While multi-authentication or two-step authentication is not always required, it provides an extra layer of security for the user. Major companies like Bank of America, Google and Microsoft are among those encouraging their users to use two-step authentication.
Kisekka offered several more tips like clearing out one’s browser and closing out of every session when using the internet or an online service; regular credit monitoring to see if someone else has opened an account without your knowledge; not auto-saving your passwords as someone may easily access every account and not need a password; keep up with software updates for your electronic devices; and use just one credit card for online purchases.
“A debit card is directly connected to your bank account and you’re giving someone else direct access to your money more easily. It may take the bank some time to recognize fraudulent activity and then you’d need to provide proof,” she said. “So, try not to use a debit card there. Also, with a credit card, if Chase gets hacked, for example, and your card is Chase, then that’s just one card you’ll worry about.”
Koons wrote that cybersecurity should not concern just schools and households but also businesses and municipalities, and that his company uses tools to monitor and fight against potential breaches every day.
Kisekka said, however, that cybersecurity threats are increasing in recent years and it’s becoming more challenging to identify hackers due to technology remaining ever-evolving which makes it easier for hackers to launch new attacks.
Hence, as CIS stated, teaching cybersecurity to children at a young age can be very beneficial for them in the long run as they themselves learn to recognize potential cybersecurity risks and ways to avoid them.
Kisekka concluded that as more digital breaches occur and are reported in the news, she said she believes that there is an increased interest in recent years among people to study and pursue a career that is related to cybersecurity. “Every company has to worry about cybersecurity nowadays,” she said. “Like how every company needs an HR and IT department, it’s now very important to have a cybersecurity department too.”