“Google campus” dangers revealed: Schools that have embraced Google are experiencing security breeches

Cyber attacks on private schools significantly increased over the recent months, according to the chief executive of the Independent Schools’ Bursars Association. The authorities noted that hackers continue to breach vulnerable computer systems and access the personal information of parents whose data are stored on cloud-based apps. The hacked systems were then used to trick parents into paying for fake school fees, leeching them of thousands of pounds.

In one case, one parent was swindled by as much as $94,000 after being lured into a 10 percent ‘early bird’ discount. Cybersecurity experts stated that schools were rendered vulnerable to cyber attacks after transitioning to Google for Education, a version of the cloud-based app suite Google Docs.

“I’ve had six cases recently from schools and three more from parents. Typically a school’s admissions team is targeted with a phishing message, to which they fall victim. This could be purportedly from an organization such as an agent of the school. They use a [false]email of a person known to the school to send a shared document…which asks you to enter your username and password to view. Once they have that they can log into Google for Education as the school and access the administrator’s email,” Neil Hare-Brown, a director at the digital investigations company Storm Guidance, said in a Brinkwire article.

The Metropolitan Police to the Independent Schools Council cautioned that the cyber attacks start with an email sent to the parents. The email indicates the latest payment details for school fees, the council said. According to the authorities, the email appears official and at times may be sent from the school’s hacked email system. This, in turn, enables hackers to take hold of the new bank details and divert the school fees into their bank accounts. (Related: Security alert: Voice impersonators can trick voice recognition systems, according to research.)

“All parents need to be cautious if you receive emails stating a change of payment detail or containing unexpected attachments. You should telephone the school on the usual number, not one contained within the email, and double check the validity of all information before making any payment,” the council advised.

Here’s how you can boost your online operation’s security

An article posted on the Daily Mail website listed five key tips for more secure online transactions. These pointers include:

• Activating two-factor authentication – According to the article, most major online services support this practice.
  This authentication process requires a login and password per usual, but also sends a unique numeric code to another device through various media including text message, email or a specialized app. Log in is refused if access to the other device was denied
• Encrypting the internet traffic – Subscribing to a virtual private network (VPN) service to encrypt digital communications may deter hackers as the practice makes it more challenging for them to intercept the encrypted data.
• Increasing password strength – Long, strong and unique passwords are surefire repellent for hackers. Subscribing to a reputable password manager may help users identify strong passwords and have the data encrypted on their computers.
• Keep tabs on the device’s activity – According to the article, many computer programs and mobile apps continue running even when they are not in use. The entry added that most computers, phones, and tablets have a built-in activity monitor that enables users to keep track of device’s memory use and network traffic in real time. This feature allows users to identify which apps are sending and receiving internet data, and close programs that shouldn’t be running in the first place, the article concluded.
• Avoiding suspicious hyperlinks, attachments – It is important to keep an eye out for suspicious hyperlinks or attachments in an email. The entry advised exercising caution in opening these attachments even when they appear to come from familiar sources, as users may never know if the source’s email address had been compromised.

Sources include: