Staying safe online: 10 digital threats to your school defined
This week Schools up and down the country were learning about Safer Internet Day 2019, a day dedicated to raising awareness for the growing importance of staying safe online.
The world of cyber security is becoming vital for schools to understand, especially as more sensitive data is stored electronically, and online security threats become increasingly sophisticated.
Keeping a school safe is something that involves everyone, staff and pupils, and ensuring people are educated about the basics of staying safe online is the best tool any school has when fighting these threats. The more aware and confident people are online, the less risk there will be.
One problem is that cyber security can understandably be confusing due to the large amount technological jargon used; therefore we have defined a list of ten common security threats and explained each one.
Denial of service attack
When a website or service is overloaded intentionally by an attacker who is trying force a system to use so many resources that it is no longer able to function and becomes unavailable to anyone trying to access it. An example of this is by targeting a site to receive millions of visits simultaneously.
A program or physical device that is used to record the keystrokes made on a personal computer, this is used in order to obtain sensitive information such as passwords and bank details.
When an attacker creates and leads people to a fake website with the intention of capturing their personal or financial information. Phishing websites are often designed to look exactly like commonly used websites such as social media, shopping or banking sites.
Like phishing, this is an attempt to obtain the personal or financial information of someone by tricking them into thinking they are handing it over to a legitimate source. Instead of targeting via a fake website, this is when the attempt is made via a phone call.
While phishing often tricks people into visiting a fake internet address, this is an attack that targets a device or server so that even if a person were to visit a legitimate web address, they would still be redirected to a fake replica where their details can be stolen.
An attack that takes advantage of a vulnerability that may exist in a piece of software in order to gain access to a system, this type of attack often occurs when software becomes out of date and does not carry the latest security patches.
This is when a malicious message, typically an email, is sent out but designed to appear as if it was being sent from a genuine and trusted source through the use of a similar email address.
Man in the middle attack
This is when two people believe they are having a conversation with each other via email, but someone is intercepting and altering the messages with malicious intent as they are sent between the two parties.
A piece of malicious software that blocks access to a system or files within a system and demands a ransom payment to regain access.
Essentially a ‘trial and error’ approach of trying to gain access to an online account by using an automated program that will constantly guess the password for an account.