As many return to school globally, those of all ages begin to share what the next year will bring. From children’s adorable first day photos to career growth updates, it is important to be mindful of cybersecurity in these and all milestones when posting online. As we leave the summer holidays behind, we asked our ISC2 Volunteers to share their best practices for students this time of the year:

Chinatu Uzuegbu, CISSP

The e-learning world is full of data sharing, from training platform resources to students’ devices. From the devices, the connection stretches to others via email or sharing tools such as Google Drive, OneDrive, iCloud, Drop-box, GitHub, social media and more. While students are sharing, they may not realize the implications – and the extent – of the spread of personal information. This personally identifiable information (PII) such as your phone number, email address, social security number, home address, photos, e-learning login, passwords and other information could be disclosed to the public innocently.

Students should take all available measures to secure information by applying the concept of AIM: acknowledge, indicate and manage. Acknowledging the value of the data you are sharing will help determine how to safeguard and protect it. Indicate the risks and loose ends of that data, consider what could happen if the bad guys took advantage. Manage the data accordingly, sharing only with those who should have access. Another helpful concept is Stop, Think, Connect. Be sure you are sharing with a level of confidentiality, ensuring that all traces of your PII have been masked or removed.

Sivachandu Gudivada, CISSP shared that students increasingly rely on the internet for education, socializing and entertainment. Their best practices to stay safe while navigating the online landscape are:

  • Protect Personal Information - Never share your PII online unless it is necessary, and you trust the source.
  • Strong Passwords and 2FA - Always use strong and unique passwords for your online accounts and wherever possible, enable 2 factor authentication.
  • Be Skeptical - Be cautious when interacting with people or entities you don’t know online.
  • Privacy Settings - Review and adjust privacy settings on your accounts and online profiles to limit the amount of information visible to others.
  • Cyberbullying Awareness - If you encounter cyberbullying, harassment, or inappropriate content, don’t engage. Block or report the user and seek help from a trusted person.

Rishipal Yadav, Associate of ISC2 cautions college students to be cautious of freebies. Product companies and services target college students with alluring promotions like cashback, signup offers, referral bonuses and whatnot. Students, in a quest to make some extra money on the side, fall into this trap and can end up giving their sensitive information like social security numbers, credit card information, addresses etc. to these companies. Be cautious, remember there is no free lunch. It's your sensitive data that you “paid” for the freebies. If it sounds too good to be true, it is probably a scam.

Tara Plouff,Lead Technology Support Specialist, Waterloo Community School District, Iowa, U.S.recommends that everyone ensure they have two-factor authentication enabled and set up for every account. Students are often required to sign up for online textbook apps or simulation labs that may or may not offer two-factor authentication. While it is fairly commonplace to enable two-factor authentication on bank accounts and email accounts, it is less common to enable additional authentication factors on school-related accounts. One compromised account can trigger a spear-phishing attack that can lead to a compromise of more valuable accounts. If two-factor authentication is not available on a specific site, students should use a long, unique, complex password saved in a password manager.

Saju Thomas, CISSP, CC shared that while there is no one set rule to protect data that is published or consumed on the internet, we need to implement a set of controls during the complete life cycle of information usage. To support concerns, he answered some frequently asked questions:

  • How do I ensure my account is safe?
  • Creating strong passwords by enforcing alphanumeric combinations or using custom applications such as passwordgenerator.net.
  • Enforce multifactor authentication (MFA) as feasible.
  • Review the account security by validating the audit check such as last login observed, last device connected, etc.
  • How can I be sure that I am surfing the web safely?
    • Use private or incognito mode while browsing.
    • Use well known browsers such as Chrome or Edge as they have built-in security features such as anti-phishing checks, protection against dangerous extensions, unwanted software protection, etc.
    • Validate your cookie preferences. You have the option to set the preference on how much data to be consumed by the website you are surfing on. If setting a preference on each page is cumbersome, choose the browser DuckDuckGo which can limit collection of data.
    • Choose carefully who you “friend” and limit access to your location.
  • How can I not fall prey to common risks?
    • Think before you publish. Ask yourself, would my relatives or employers think this is appropriate? Could this get me into trouble? Could someone be hurt or embarrassed by this content
    • Know the signs of online grooming. Do not engage and tell a trusted adult. Report using CyberTipline and do not delete.
    • Protect yourself from sexting and sextortion by avoiding accepting or forwarding inappropriate images or pressuring another to do so. If someone is engaging in blackmail, do not comply with their demands. If an image is already on the internet, the below sites can help for ages 18 and under:
      • TakeItDown.NCMEC.org - Free service that can help remove or stop the online sharing of nude, partially nude, or sexually explicit images or videos.
      • CyberTipline - Report child sexual exploitation.

To help your local educational spaces, ISC2’s Center for Cyber Safety & Education offers The Safe and Secure Online program to empower tweens, teens, parents, and senior citizens to protect themselves in the digital age by learning safe cybersecurity practices. Through this initiative volunteers worldwide passionately share their expertise with local communities, especially underserved and underrepresented populations, while also raising awareness of exciting cyber career possibilities. Interested parties should send a message to Center@isc2.org.

If you or someone you know is interested in advancing their cybersecurity education, ISC2’s Center for Cyber Safety and Education has scholarship opportunities open now, visit https://www.iamcybersafe.org/s/scholarships.