Cybersecurity

The FBI recently warned in an alert that malicious actors “almost certainly” will be using deepfakes to advance their influence or cyber-operations in the coming weeks and months. The alert notes that foreign actors are already using deepfakes or synthetic media — manipulated digital content including video, audio, images and text — in their influence campaigns. So far, deepfakes have been limited to amateur hobbyists putting celebrities' faces on porn stars' bodies and making politicians say funny things. However, it would be just as easy to create a deepfake of an emergency alert warning of an imminent attack, destroy someone's marriage with a fake sex video, or disrupt a close election by dropping a fake video or audio recording of one of a candidate days before an election.

The FBI warning comes amid concern that if manipulated media is allowed to proliferate unabated, conspiracy theories and maligned influence will become more and more mainstream. Lawmakers have recently enacted a series of laws that address deepfake technology, which frequently is used to harass women, through the creation of fake pornographic videos with the targets of harassment seemingly appearing in the footage. There are no limits to the places people can take things: recently a mother created a deepfake pornographic video of her daughter’s rivals on her cheerleading squad to discredit them.

Last year brought a record number of US school-related cybersecurity incidents, some "resulting in school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud," states a report presented at the K-12 Cybersecurity Leadership Symposium. The report encourages administrators to review their resiliency plans and should serve as a reminder to parents that you should know your school or district’s plan for a cybersecurity break and understand how parents are notified if a situation occurs.

A recent survey found that found high numbers of K-12 teachers are unfamiliar with the various forms of cyberattacks. For example, 48 percent of K-12 educators said they had no familiarity with "videobombing." Likewise, the same percentage said they didn't know what denial-of-service attacks were. Four in 10 (41 percent) were unfamiliar with ransomware attacks. More K-12 educators knew something about data breaches (75 percent) and phishing scams (79 percent), but these results show that parents cannot depend on schools and teachers to be up on the latest in cybersecurity threats, and may need to take the responsibility of making their children aware.

K-12 schools now make up the majority of victims from ransomware attacks, according to a report from the FBI and other federal security agencies. Ransomware is a form of malware in which the attacker gains access to the victim’s computer systems and then holds the victim’s systems and/or data for ransom. Perpetrators demand money on the threat of disabling computer systems that they’ve gained control over or releasing personal data they’ve stolen (generally private student data in the case of K–12 incidents). Parents and students need to be aware of these attacks, which also disrupt service and block remote learning. Do you know your school’s policy on surviving a ransomware attack?

Voice recognition technology is growing rapidly, but the data generated – including this such as the voice of a child reading a story stored on digital media- qualifies as personal information, raising privacy and compliance issues, writes Joseph Lazzarotti of law firm Jackson Lewis. In a commentary, Lazzarotti outlines seven factors for schools and businesses to consider, concluding that "creating a robust data protection program or regularly reviewing an existing one is a critical risk management and legal compliance step."

Despite the growing numbers of US schools falling victim to cybercriminals and ransomware attacks, few have signed onto federal resources aimed at improving their cybersecurity capabilities, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said during a Senate subcommittee hearing. Wales encourages school districts to enroll in free membership in the Multi-State Information Sharing & Analysis Center and the free federal malicious domain blocking and reporting service.

Ruben Verborgh, a professor of computer science in Belgium, says tech companies' "data collection frenzy" discourages innovation and "encourages unfair competition." Verborgh is working with the web's creator, Tim Berners-Lee, on a project called Solid to help consumers create personal safes for their data.

Students are prepared to get behind the wheel and navigate busy roads, but not to investigate a complicated information superhighway, writes Liz Ramos, who teaches history and US government at a California high school. In a recent commentary, Ramos writes that the US election has highlighted the importance of teaching news literacy in schools so students learn to think critically and be informed, engaged citizens.  She cites Finland as an example of a country that is teaching information literacy in grade school, seamlessly integrating it across subjects. In math class, students learn how statistics can be used to distort. In art class, they see how the meaning of an image can be manipulated. In history, they examine propaganda, and in Finnish language classes, students learn how words can be used to confuse, mislead and deceive.

Virtually every American is making at least one mistake protecting their data, says author Joseph Steinberg of "Cybersecurity for Dummies." A survey of more than 2,500 adults by Bankrate.com finds four in five people reuse passwords, while the next most common mistakes are saving passwords on a phone or computer and saving payment information on a device to make shopping faster and easier. Other behaviors Americans admit to doing include: using an ATM somewhere other than a financial institution (28 percent), carrying a Social Security card in a purse or wallet (26 percent), throwing away or recycling personal documents without shredding first (23 percent), and posting their birth date on social media (15 percent).

Large, wealthy school districts in the suburbs are most likely to be hit by hackers, an analysis by the Government Accountability Office finds, and at least 289 US districts are reporting cyberincidents this year, says Doug Levin of consulting firm EdTech Strategies. Student academic records were most commonly compromised, including assessment scores and special education records. Coming in second were records with personally identifiable information, such as student Social Security numbers, according to the analysis of data from July 2016 to May 2020. The trend is also seen in some smaller districts, such as the 6,000-student Newhall School District in California, where a ransomware attack in September halted virtual instruction for five days and forced a network reboot.