How to protect your school's passwords

How to protect your school

Being just as vulnerable as large businesses to cyberthreats, schools are tasked with ensuring all of their networks are safe at all times. In many cases, setting up an advanced cybersecurity system can be expensive and time-consuming.

However, all of this work can count for little if proper thought and care is not given to the passwords that your school relies upon to protect its data.

According to the Australian Cyber Security Centre’s 2017 Threat Report, gaining access to personal information which can be used to facilitate financial crimes and identity theft is big business, and credential harvesting malware poses an increasing threat to Australians.

Mark Sinclair, regional director ANZ of WatchGuard Technologies, says that in this online era, it’s not uncommon for individuals to have as many as 90 passwords – for everything from their work email and personal bank account to the local library.

Below, Sinclair outlines 10 common ways their integrity can be compromised.

1. It’s not good to share

Sharing with a friend may seem like a good way to enjoy double the value from a Netflix subscription or the like – but what happens if your friend decides to share the bounty with others? Your account could potentially be accessed from a string of different devices – some of them owned by individuals just as careless as you are.

2. Stored in plain sight

It’s a tough gig memorising multiple passwords. Storing them in a Word or Outlook document on your computer can seem like a good way to keep track of them – except for the fact that they’re not secret if a systems administrator, colleague or random passer-by ever has the opportunity to click on the file.

3. Written on a post-it

Keeping the keys to the kingdom recorded in a little black book or on a post-it note is just as risky, however cunningly you may think you’ve disguised the information. Leave it lying around or lose it and your personal data is there for the taking.

4. Used on a shared computer

Shared computers and cyber security are like toothpaste and orange juice – a combination that just doesn’t go. Unless you can be 100 per cent certain there’s no Trojan software or spyware installed, using a shared machine to check your bank balance or log in to social media can be a risky business.

5. Stolen from public Wi-fi

Public Wi-fi is everywhere and most of us access it at some point. Why not? It’s convenient and economical – and a great way for cyber-criminals to pinch your passwords, if you have the misfortune to log on via a fake access point, not the similarly named free service a nearby business or café is supplying.

6. Easy peasy passwords

They’re easy to remember – and easy as pie for others to guess or crack. Maiden names and those of children and pets do not a secure password make.

7. Phishing attacks

Phishing attempts – emails exhorting you to click on links to claim prizes, query unpaid accounts and the like – are a daily occurrence for most individuals with an email address.

8. Rinse and repeat

Thinking of memorable, hard-to-crack passwords over and over can be tough. Many of us use the same one across multiple sites and programs, perhaps mixing it up with a token variation or two.

9. Social engineering attacks

Phone calls from individuals purporting to work for the tech support division of a bank, utility or software company can catch people off guard, if the spiel is a convincing one.

10. Trojans and Remote Access Tools

Sites which install Trojans or Remote Access Tools (RATs) can also be treacherous ground – whether you’re taken there by hackers or navigate your own way into danger.


Related stories:
How to safeguard your school’s data
How principals can build a culture of cybersafety
Ransomware still a top threat for schools