18 Cybersecurity Tips for Families & Schools
Become a member or log in to view this course
Superintendents, Directors and Principals: Request a partnership on this page to unlock our resources for your whole community.
Become a member or log in to view this course
Full access to all 130+ courses
Watch all replay videos
Unlimited Yearly Access
Full access to all 130+ courses
Watch all replay videos
Superintendents, Directors and Principals: Request a partnership on this page to unlock our resources for your whole community.
This is great info, thanks for giving me some ideas on how to start a dialogue with my teen!
Parent VIP Member
Josh's presentation about social media was unbelievably fantastic. Our students learned so much about what kids should and shouldn't be doing. The fact that it is such a thoughtful process made it all worthwhile.
Director of College Advising
Educator Webinar Attendee
This webinar is a very helpful eye-opener on the apps that are popular with my students.
Educator Webinar Attendee
Parents and Teachers: This app is listed in the SmartSocial.com Green Zone.
We believe this app is a STARTING POINT for your student, but that you must monitor your student on every app they are on. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com
Parents and Teachers: Please note this app is listed in the SmartSocial.com Gray Zone.
Parents should participate in these apps with students to keep them safe.
Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com
Parents and Teachers: This app is listed in the SmartSocial.com Red Zone. We believe this app is not safe for students to use without adult supervision. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com
Parents and Teachers: This app is listed as a Dangerous Social Media Challenge. Knowing about social media challenges before your teen does can help you keep them safe before an incident occurs. Join our weekly newsletter to learn about the 100+ App Reviews at SmartSocial.com
We protect our valuable items: houses, cars, important paperwork…but how much do we protect our digital assets and information? Cybercriminals are getting savvy with their phishing emails and hiding malicious downloads. Both schools and families are vulnerable to attacks from every individual email account on their network.
So, we asked cybersecurity experts for best practices and warning signs for both families and school staff to look for to avoid phishing, ransomware, and malicious downloads.
1. Teach cyber “hygiene”
Paul Bischoff, Privacy Advocate, Comparitech
For younger kids, parental monitoring software on laptops and phones can inform parents of what their kids do online and let parents set content policies to block inappropriate content.
Teach your kids basic cyber “hygiene”:
- Don't click on unsolicited links or ads
- Don't overshare on social media
- Keep apps and operating systems updated
- Set a unique password for every account
- Adjust the privacy settings on all of your apps and operating systems
I always recommend parents of teenagers follow and friend their kids on social media. By joining the same social networks, parents can monitor their kids while maintaining a safe distance. Parents will get to know the risks associated with the social networks that their kids use, and kids will be less likely to engage in risky behavior if they know a parent is watching.
There's no shortage of real-life examples in which people were scammed or hacked and suffered significant losses.
Keep learning and staying up-to-date about cyber safety with resources like SmartSocial.com or Comparitech.com.
“This age group is very comfortable being online and being very public about their lives,” McClellan said. “So that makes them very trusting when they’re on the Internet.”
2. Family discussions
Ling Ling Fung, CEO, Metro Baby
Cybersecurity should be talked about by every family as a whole. Times are changing and being vulnerable to these kinds of attacks is becoming more and more common.
No matter what the ages of the household members are, it should be addressed proactively. It can be brought up during dinner or anytime that everyone is gathered around. Among the topics that should be discussed are reminders of creating strong passwords, never clicking pop-up spam, never giving out personal information, and being careful about what's downloaded.
Students, in particular, need to be briefed in a way that they can understand. Explain to them rules they must obey in simple terms. For younger children who cannot grasp the concept just yet, Internet usage should always be supervised. Having open conversations with the family is important in instilling vigilance for any online activity.
Parents and kids alike should remember to not overshare on social media. Social networks can easily be exploited and used for cyberattacks. To prevent this from happening, limit the posts you share on social media. For instance, do not announce your vacation until it is over. Do not post your whereabouts because doing so is basically saying I'm not at home, rob me.
Discuss among your family to change social media accounts to private and update security pages regularly. Remove any personal information and unfriend people you don't know.
3. Research all parental controls before downloading
Josh Ochs, Founder, SmartSocial.com
Parental control software and antivirus software can be great additions to help protect your family’s cyber security. We recommend doing thorough research on the software before buying and downloading it to your devices. Some companies are based in countries that do not have similar privacy protections like we have and may have links with their governments. Read our Parental Controls resource to find out some pros and cons of dozens of popular parental control and cell phone monitoring apps.
4. Disable location services
Cindy Corpis, CEO, SearchPeopleFree.net
The easiest ways to prevent being a target of cyber-attacks are to prepare your personal computer systems for intrusions, warn your family about potential hazards, and be vigilant of strange behavior.
On your personal computers, you must download powerful antivirus programs that will constantly monitor the computer for hazardous items which may have developed as a product of a cyber-attack. Running a nightly scan for upgrades will guarantee that your system has more up-to-date security.
Change your privacy options and disable location services to avoid extra possible assaults. Make sure you communicate to young kids about how serious cyber-threats are and about what to look out for.
Preventing cyber-attacks is the easiest means of avoiding them, and it may be as simple as paying enough attention to strange emails.
5. Be aware of the services you use
Claudiu Cogalniceanu, FindMyData
These recommendations might not seem like much, but they can really help consumers protect and preserve their information, as well as their family’s information.
- Use strong passwords, but make them different for every account/device you use. Consider a password manager like Dashlane to help manage strong passwords for your whole family (learn more: SmartSocial.com/dashlane
- Make sure you change your passwords frequently - I change all my passwords every 3 months
- Be aware of the services you use and make sure you know what they do with your personal information. Might not be a surprise to everyone, but many organizations from around the world sell and share their users’ personal information, and is usually done without the users’ knowledge
- Delete your information from companies you don’t use anymore. This is particularly helpful and I strongly recommend this. If a company can’t make money out of you, they might sell your information to make up for their loss. Unfortunately, this cannot be achieved by everyone, as only a few states in the US have privacy laws, but those that have this ability should always clean their digital footprint
6. Backup and make copies
AlonGolan, Product Marketing Manager, Odix
Like any other core topic related to families, first and foremost I would say they should invest in values, cyber education, and cyber awareness.
- Know that if a good hacker wants to hack your computer, they will find a way
- Make sure to have at least two copies backed up on physical removable media (thumb drives and hard drive)
- Have the copies backup up once a month, and have each copy backed up in different months (for example, Hard drive 1 would back up the files in January, March, May… while Thumb drive 2 will back up the files in February, April, June…). That way, even if you have a “sleeper cell” ransomware on your backup, you can still recover some information from the other disk
- Invest in cloud backup
- Make the hacker's life difficult by applying strong passwords and changing them every 6-12 months or after every time you hear about a breach to a service that you are using or a family member, friend, colleague, who gets breached
- While most think that using a password such as ‘THISi$V3rySafe’ is the best, it’s better to have a longer sentence you can remember such as ‘once upon a time I forgot my keys attached to the door’
- Don’t be lazy: apply different passwords for different accounts. If a hacker gets your password they can and will be using it with different services you are using based on your email address. Don’t want to remember a lot of different passwords? Consider a password vault like SmartSocial.com’s recommendation of Dashlane
As a good percentage of successful hacking campaigns originate from email, I would focus my efforts on that topic:
- Self-educate yourself and your family about phishing and social engineering. Many phishing simulators are affable online, to help you train yourself and distinguish between a legit email and a suspicious one. As a general rule of thumb, if you don’t know the sender or the file sounds too good – do not open it!
- Look for file elimination tools also known as Deep Content Disarm and Reconstruction (CDR) or Deep File Analysis solutions
- NEVER give any personal information out via email. No service provider will ever ask you to give your password, credit card information, etc. online. If you receive such a request from a close relative, colleague, or friend – perhaps their account has been hijacked. The best practice is to give them a call and verify they indeed sent that request
- Apply MFA (Multi-Factor Authentication) in as many tools as possible. When possible, set a backup email address different from your primary one
7. Determine your security threats
Craig Thompson, HackingVision
With the aid of the Internet, we now have access to a wealth of information that may help us enhance our lives in new and interesting ways. The Internet, on the other hand, has the potential to harm us and others we care about. We hear all too often about another corporation being hacked, or a friend's email or social media account being hijacked. These dangers are quite serious.
Here are tips to help minimize these risks:
Determine the security threats that exist in your house and on your devices: Hackers can get access to your home's Wi-Fi network. Consider security software that can identify intruders on your network and make sure your password is tough to guess. Teach your children the importance of staying away from public Wi-Fi networks.
When was the last time you utilized a public Wi-Fi hotspot? Almost every coffee shop, school, airport, and hotel now provides a way for you to access the internet using your phone or another mobile device. That means that unless you've taken efforts to protect your data, hackers in the area might acquire access to your phone's data.
Become an authority on the subject of phishing: You may know better than to click on a URL that looks to be from your bank or a friend, but does everyone in your household? Teach your kids about phishing and don't let them click on links in emails or social media posts. Invest in a security program that can identify and block questionable URLs. Read more at SmartSocial.com’s Parental Control Software & Cell Phone Monitoring Guide.
Recognize that cybersecurity is an ever-changing target: Because cybercriminals are continuously developing new risks, you must be vigilant about downloading the most recent security updates and patches and keeping an eye on the news for any new threats.
Remind your family that just because their gadgets are protected by antivirus and firewall software does not imply that a hacker will not deactivate them.
Keep a watch out for con artists: There are many techniques to persuade you to provide your personal data. Even ostensibly, legal firms can dupe you into signing yearly payments and other similar contracts. Pay close attention to the statements on your credit cards.
Students should be taught the significance of online safety: When it comes to cybersecurity, children are typically the weakest link. Install security software to prevent minors from viewing or clicking on inappropriate links or websites. Teach kids about unethical internet behavior and encourage them to seek help if something seems strange.
8. Consider an identity protection service
Michael Miller, CEO, VPN Online
In our increasingly digital world, protecting our families against cyberattacks is more important than ever. While there are many steps we can take to safeguard our online identities, one of the most important things families can do is to subscribe to an identity protection service.
These services monitor your personal information for signs of fraud or theft and provide tools to help you recover your accounts if they are compromised. In addition, they often offer insurance in case of financial losses due to identity theft. By subscribing to an identity protection service, you can give your family the peace of mind that comes with knowing you have taken a proactive step to protect them from cyberattacks.
Additionally, families should make sure their home computer networks are secure and that their devices are up-to-date with the latest security patches.
Finally, it is important to have a plan in place in case of a cyberattack. By having a plan in place, families can ensure that they know what to do if their personal information is compromised or if they are the victim of identity theft. In addition, a plan can help families quickly and efficiently recover from an attack, minimizing the disruption to their lives.
By taking these precautions, families can help to protect themselves against the ever-growing threat of cybercrime.
9. Don’t take "candy" from strangers
Bill Mann, Privacy Expert, Restore Privacy
We teach our children to never take candy from strangers on the street, but the same type of conversation needs to be had with our kids surrounding the use of the internet. Children are naturally impressionable which makes them far more likely to be susceptible to social engineering scams where they voluntarily give personal information that cybercriminals then use against them.
A great way to instruct kids about cyber security is to show them obvious phishing messages and ask them to identify why they are fake. Turn it into a game where you quiz your kids on the signs of scam emails, like if there are obvious spelling errors or low-resolution logos.
A great safe-guard to prevent cyber attacks is to set up a VPN for your home computer (learn more on SmartSocial's Parental Control recommendations page). This will make it much more difficult for cybercriminals to prey on your family by masking the whereabouts of your IP address. These are common in businesses but are less so in home computers.
Start drilling into your kids that they should never respond to any direct message or emails without your supervision. Make the downloading of any file or program off-limits. Create hard lines that they know they shouldn't cross, and enforce consequences if they are crossed. Kids will naturally try to push the limits and will be given many opportunities to do so. Make sure you are prepared by frequently monitoring their online activity and putting parental controls in place whenever possible.
10. Secure your printers
Artem Sryvkov, EB Solution
It may sound trivial but you won’t believe how much valuable private information can be pulled by hackers from your printer without you even noticing it. And that’s not all, printers nowadays have access to your devices, network, and the internet which makes them a perfect target for hackers trying to spread their botnets and malicious software.
So, what can an ordinary person do to protect their printer? First of all, use a stronger password. If I had to guess, I’d say that every 4th or 5th printer can be “hacked“ by using a simple list of 50 most common passwords. So please, change your “admin” or “password123” or even worse “qwerty” password to something stronger. A good password should be something in a range of 12-16 characters that has numbers, letters (both lower and upper case), and special symbols like asterisks, underscores, braces, etc.
Also, look into your printer settings/properties. Going through the tabs you’ll probably find a tab with all the users that have access to that printer. Make sure that only devices you trust have access to your printer. Found someone you don’t know? Remove their access and change your printer password. Didn’t find anyone suspicious? Great, check back in a month or two. This is a nice habit to have and it takes less than a minute to do.
And lastly, update your printers regularly. Every printer company spends huge amounts of time and resources on finding and fixing software vulnerabilities.
11. Consider a credit report freeze for your kids
Brent Hale, Chief Content Strategist, Tech Guided
I have seen a lot of disturbing cases of cyberattacks in my career which is why I'm always so worried about my family, especially my kids.
We often see network safety for seniors on the news as they succumb to email and telephone phishing tricks. Be that as it may, with regards to fraud, kids are considerably more prone to be impacted.
Why are children an ideal target? Consider it - kids won't have to look at their credit reports for as long as 18 years. Criminals can assume cards in their names and enjoy the good life, damaging your kids’ future credit scores. They'll pile up unpaid liability until your child is denied a school advance since they're some way or another $1 million strapped in debt.
I explain to my kids that I'll put a credit freeze on their report (or if nothing else check it) to keep key safety issues from influencing them later on. Every time I survey their credit report I include them in the process to cultivate knowledge of what I'm doing, how I'm doing it, and also why it's important for them to learn.
12. Use familiar words and metaphors to explain digital safety to kids
Tristan Harris, Demand Generation Senior Marketing Manager, Thrive Internet Marketing Agency
The simplest approach to explaining these cybersecurity concepts to a child is by using familiar words and analogies that they can understand. Some examples are talking about computer viruses, password sharing as well as fraud. The risk that your information might get hacked or stolen is called cybercrime!
As for me, I relate the risk of sharing the password to giving your house key to a stranger. Another example is how anti-virus software can best defend yourself against online threats like malware and other computer viruses; you can compare it to vaccinations against common flu that help boost the immune system against future attacks on the body.
By making simple connections to the real world, children can better comprehend the dangers of cybersecurity. I also recommend the FBI’s Safe Online Surfing. This site offers games and teacher resources to help children of all ages stay safe online.
13. Always use multi-factor authentication
Timothy Robinson, CEO and Cybersecurity Expert, InVPN
Being a cybersecurity expert, there are many tools and techniques schools can use in addition to security awareness training to avoid cyber incidents.
Phishing can be prevented by allowing multi-factor authentication (MFA) for all school facilities, including teacher and student email accounts and any other program that stores confidential information. It's also never too early for students to learn how to apply this method to their online lives outside of school.
With the volume of data brought in by remote learning, educational institutions can back up their systems on a regular basis and store backups in an 'offsite' spot. Offsite can be described as a location that is not linked to the main network, making it much more difficult for a criminal hacker to delete or encrypt backups.
14. Read tips from the Federal Trade Commission, FBI, and even PBS
Aliza Vigderman, Senior Content Manager, Security.org
Here are some clues that an email is potentially phishing, according to the Federal Trade Commission:
- The email looks like it’s from a company you’re familiar with, whether that’s a social media site, a bank, a credit card company, etc.
- The email tries to get you to click on an attachment or link, saying something like there’s a problem with your account, you have to confirm personal information, or you’re eligible for a coupon.
- The email has a generic greeting that doesn’t use your name.
The easiest way for employees, staff, and teachers to avoid phishing, ransomware, and downloads in their professional communications is to download antivirus software on all of their work-related devices. Antivirus software scans for phishing, ransomware, and other types of malware, quarantining malicious software if it finds it so that it can’t affect the rest of the device.
As soon as students are granted access to school-provided email accounts is also when schools should start teaching students about phishing, ransomware, and malware. Being able to recognize phishing emails is essential for safe internet usage. There are a number of user-friendly digital security resources for kids that can teach them the basics of malware and cyber-attacks from organizations like PBS and the FBI.
15. Creating a cyber threat team and response before there’s ever an incident is key
Sidra Ijaz, Research Analyst, InvoZone
There are many clues that an email is phishing. These emails are designed in a way that the victims respond and click on the links immediately. The content of such emails is specially designed to manipulate the emotions of the victims. For example, sometimes they have a sense of fear in them.
These are a few patterns in a phishing attack:
- Such emails manipulate victims emotionally
- They have a sense of urgency
- Links look suspicious. The best way to identify phishing links is by using secure phishing detection services such as Google Transparency Report
- There may be spelling and grammatical errors
Awareness is the key. The major source of ransomware attacks is phishing emails. For example, unaware employees can unknowingly assist in ransomware attacks by downloading malware through phishing emails. Awareness training of all the staff, teachers, and students can significantly reduce the impact of phishing and ransomware.
We have to change our cyber defense mindset from ‘incident response’ to ‘continuous response’. We have to adopt proactive cybersecurity measures against evolving ransomware attacks. These include offensive cybersecurity measures (such as ethical hacking and pen-testing), and cybersecurity drills. You can check the level of awareness and security culture in a school by launching a mock phishing attack.
Ransomware and phishing attack mitigation requires swift measures from incident response teams. Data protection and backup, forensic analysis, and disaster recovery plans are key to reduce the impact of the attack. School administration should work on developing a cybersecurity team.
As soon as students start using computers/smart devices is when schools should be teaching cybersecurity training to them. Students should be aware of the cyber threat landscape.
16. Read every sentence & review the sender’s email address
Tom Kirkham, Founder and CEO, IronTech Security
Here are some tips on how to spot a phishing email on your own:
- Is it coming from a public email domain or a private email domain? It shouldn’t be coming from an email address with a public email domain. For example, you’re not going to get an email from someone at our company that says [email protected] It’s going to be from an email address such as [email protected] Make sure to look at the email address before you do anything else
- Are there spelling errors in the email address? Read the email and check for spelling errors. Check the sender’s email address for spelling errors. It will be an error that will be hard to spot and it looks correct at first glance. This happens pretty often because cybercriminals think you won’t be cautious enough to check the spelling. For example, they might spell Amazon like Arnazon. (They would change the m to an r and n to make it look like an m.)
- Is the content grammatically correct or is it poorly written in general? If you get an email and it’s full of grammatical errors and not well written, that’s a sign it’s a scam. Actual companies/organizations aren’t going to make this mistake
- Is there an attachment or link in the email that you weren’t expecting? Hover your mouse over any unsure link or attachment. If the link isn’t what you are expecting, it’s possibly malicious. It’s better to be safe than sorry, so if you’re unsure about opening a link or attachment, ere on the side of caution and don’t open it
- Does the email sound strangely urgent? Some examples of this are when the email says they need money now or they need you to give them information ASAP. This isn’t realistic and can easily be debunked. They’ll usually pose as your boss, a senior executive at your company, or your bank because they think you are more likely to give these types of people sensitive information
The best way to educate employees/staff on phishing emails, malware, and ransomware is by implementing a continuous cybersecurity training program. By enrolling your employees/staff in a continuous cybersecurity training program, you’re giving them the knowledge to keep themselves safe from cybercriminals.
When it comes to students, it’s best to educate students about phishing emails, malware, and ransomware as soon as possible. By doing this, you’re giving them the knowledge to avoid these types of attacks. The younger they’re able to recognize these things, the better it will be. Learning about how to stay safe online early on in life will be beneficial as they get older and use technology for college and their careers.
17. Provide fun, engaging, gamification cybersecurity training for everyone - students, parents, teachers
Andee Harston, Curriculum Manager, Infosec
In this day and age, you must be extra vigilant when it comes to checking your emails for phishing attempts. There are several things you can do to determine if an email is a phishing email:
- Hover (don't click!) over the sender's email address and check for any misspelled or suspicious domain names. Double-check the sender's email address and ensure it matches your expectations
- Read emails with caution that use words like immediately, cancellation, or notification. This is very likely an indicator that the email is a phishing attempt. Hackers often use psychological tactics to pressure users to respond quickly or out of fear
- Verify unexpected email attachments before clicking or downloading. Always contact a trusted secondary source to validate if the email is legitimate. This could mean calling a coworker from a phone number in your school/business directory and asking them if they sent an email or reporting the email as SPAM to your IT department
- Watch for misspelled words, grammatical errors, or strangely constructed sentence structure. A poorly written email may also be (but not always) an indication that it is a phishing attempt
One of the best ways to inspire secure habits among faculty and staff is through relatable, relevant training that leverages educational best practices like micro-learning and gamification. This starts with engaging training that helps faculty and staff understand why bad actors target schools and student data - and what they can do to protect themselves and their students. Where possible, we recommend using real-world examples to help make training real for educators.
You can start by implementing a good cybersecurity education program to educate teachers, employees, and staff to identify malicious emails. Train thoroughly and often, at least quarterly. Teach employees to question all digital correspondence and always, always trust their gut instinct. Then make sure employees know who to report suspicious emails to and how to report them using the school's incident response call tree or email reporting system.
Recommended topics include password complexity guidelines for home routers/computer assets, timely system patching, and good data privacy practices, including how to share information safely online and how to recognize phishing emails.
It's all of our responsibility to teach children about the security risks associated with email accounts and internet access. This is no different than teaching kids to look both ways before crossing a street; their safety and welfare depend on their ability to stay safe online.
Additionally, schools should consider an outreach program to parents. A fun monthly or quarterly newsletter, written and researched by students, helps educate parents and students simultaneously.
18. Use the old adage: ‘don’t talk to strangers’
Janis von Bleichert, Founder, EXPERTE.com
Generally speaking, phishing, ransomware, and malicious downloads all have one thing in common: they require the user to 'get the ball rolling.’ Starting from that point, the best defense against getting infected with such files is to encourage faculty, students, or teachers to do nothing if they think something is 'fishy' or 'too good to be true’.
Should a teacher or student have any doubt whatsoever about an email, a download, or an attachment, they should err on the side of caution. For schools, this can be done similarly to how students are instructed to 'not talk to strangers', albeit, in a digital context.
Apart from instilling a very healthy dose of care when opening links or downloading files, it's also good to show faculty, staff, and students how to set up and use a (qualitative) and free antivirus or anti-malware suite. During our internal review process, Avast, Sophos, and AVG were the three best free suites we tested. Teachers can integrate installing and running virus scans into computer lessons, and show students how to engage real-time protection.
Finally, within browsers, it's a good idea to introduce students and teachers alike to ad-blocking extensions, since this can also close off a lot of the avenues for an attack that malware can use to establish itself on computers.
While there are a lot of preventative measures for cybersecurity, nothing is 100% guaranteed. If something looks fishy (pun intended), it probably is phishing. Look at every detail of emails, install quality software to scan against attacks, and keep up to date with how hackers and others are scamming people every day.
Listen to MomTalk podcast where Beth and Andrea discuss cybersecurity tips
Logged in and still not seeing content? This course may not be part of your membership plan. Click here to join.
Share Your Thoughts With Our Team
Your email address will not be published. Required fields are marked *