These individuals have given little thought to what might happen if hackers compromise their login credentials. Often, individuals may rely on hotel or coffee shop WiFi to transfer confidential information. These WiFi-friendly venues, including your home, may be unsecured and open to packet-sniffing.
Cloudlock helps K-12 organizations protect data in their cloud collaboration applications while enforcing regulatory, operational, and security compliance easily and effectively. School districts use Cloudlock to reduce data exposure risk, and increase staff and student productivity in the cloud.
Automatically back up and restore your cloud data to make sure user errors, malware, and ransomware don’t derail your business. Features include:
Scan backup archives for Ransomware
Backup multiple domains in the same account
Securely store your G Suite data on your cloud. SysCloud uses Amazon AWS, Microsoft Azure, and Google Cloud to encrypt and store your organization's data.
Both solutions offer a variety of features, essentially scanning your cloud storage provider (e.g. G Suite for Education or Office 365) for sensitive data. What’s more, additional rules can be set up to restrict placement of sensitive data online to prevent or quickly catch rule violations. You will want to explore these solutions through an official request for proposals (RFP) process aligned to your particular district’s processes and procedures.
Phishing is the most common form of cyber crime, with an estimated 3.4 billion spam emails sent every day.
The use of stolen credentials is the most common cause of data breaches.
Google blocks around 100 million phishing emails daily.
Over 48% of emails sent in 2022 were spam.
Over a fifth of phishing emails originate from Russia.
Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks.
Phishing was the most common attack type against Asian organisations in 2021.
The average cost of a data breach against an organisation is more than $4 million.
One whaling attack costs a business $47 million. (source)
Campus principals and finance/business department staff are primary targets for phishing attacks that gain attackers access. There’s a lot more you can learn about phishing and the types of attacks that arrive via email.
phishing attacks that procure personal data;
ransomware attacks;
denial-of-service attacks;
“other unauthorized disclosures, breaches or hacks” that disclose personal information; and
other cyber incidents that have caused school disruptions or closures. (Source: THE Journal)
The easiest solution (which isn’t that easy) is to avoid placing sensitive, personally-identifiable information online in a public folder where it is unknown who has access to it.
If you must place sensitive data in the cloud, encrypt the file first. Once the recipient has obtained the file, remove it from cloud storage. At no time should a decrypted file be placed online in cloud storage or emailed as an attachment.
Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. The security of Boxcryptor has been confirmed in an independent code audit by Kudelski Security.
With Cryptomator, the key to your data is in your hands. Cryptomator encrypts your data quickly and easily. Afterwards you upload them protected to your favorite cloud service. Most cloud providers encrypt data only during transmission or they keep the keys for decryption for themselves. These keys can be stolen, copied, or misused. Thanks to Cryptomator, only you have the key to your data in your hand. Cryptomator allows you to access your files from all your devices. It's easy to use and integrates seamlessly between your data and the cloud.
ProtonMail: Available for free, but a PLUS account is $50 a year
Tutanota: Available for free but an account with more features is available
Hushmail: Free option available but pay for more features
Connect with your email recipient (the person you are writing to). Decide on what file/folder encryption tool you will both be relying on to send protected content. Some options that work well: Secure Space Encryptor (SSE), 7zip, or FileLock. Decide how you are going to verify receipt of the encrypted file attachment.
Send the secret password you will be encrypting with via a secure messaging tool, such as Signal. Avoid sending it via email, since an email message is a postcard (anyone can read it) unless it is encrypted. Verify receipt.
Encrypt your file attachment, such as a Word, Excel, or other document using your preferred option (e.g. FileLock, SSE).
In the body of your email message, keep it simple and attach the encrypted file (filename.enc).
Send the message to your email recipient, then verify receipt.
Types of VPNs include:
Standalone VPN Services (e.g. Private Internet Access, MullVad VPN and Browser)
Browser Extensions (e.g. PIA Chrome extension, Opera browser built-in VPN)
Corporate VPN (more on that in a moment)
"Virtual Private Networks provide an important element of privacy protection for users," Electronic Frontiers Association says. . .VPNs [are] one of the most effective tools for protecting privacy when using the Internet, due to the degree of anonymity they provide when accessing online services.
If the hotspot you’re using…[is] simply unsecured, hackers nearby can eavesdrop on your connection to gather useful information from your activities. Data transmitted in an unencrypted form (i.e., as plain text) may be intercepted and read by hackers with the correct knowledge and equipment. This includes data from any services which require a login protocol (Source).
Most VPNs offer mobile apps you can use, as well as Chromebook extensions. This means you can connect all your devices using ONE VPN solution.
VPN Alternative? Not ready to invest in a VPN solution for your smartphone? Then try Cloudflare, which features the Warp VPN built in. It’s free and works on your iOS and Android smartphone. It will give you some protection while sitting at the coffee shop.
If you are an IT Director, you may be called upon to transfer files in a secure manner. In school districts, there are several ways to accomplish that. Each way is briefly explored below and solutions offered.
This approach entails creating an encrypted conduit through which unencrypted files will be transferred from a server or your computer on a nightly basis. You will need to be able to automate this process and rely on a secure File Transfer Protocol (sFTP) solution or FTPs (read how sFTP is different from FTPs). This may entail purchasing and implementing a secure FTP solution on a district server outside the firewall.
Server Side sFTP Solutions
Client Side sFTP Solutions
WinSCP (other clients)
Some of the features most need include:
Automating the transfer of files from one server to another
Securing the files with encryption (e.g. GPG/PGP)
Verification that files were sent and received
Encrypted transfer of files
This approach uses Pretty Good Privacy (PGP) or an open source equivalent (GPG), such as OpenPGP Encryption Tool (GoAnywhere MFT for automated encryption). You can write scripts that automate this using PowerShell if on Windows or other solutions if on GNU/Linux or Mac. Exploring the use of scripting solutions for data encryption is beyond the scope of this webinar.
Some have eschewed this approach in favor of an sFTP solution or simply encrypting data using a tool like 7zip or SSE (Step 3) with AES-256 encryption (more on that below).
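For GNU/Linux, the four features listed above (automation, GPG encryption, verification, encrypted transfer) can be combined in one short script. This is an added example, not code from the original page; the function names, key ID, account, host and remote directory are assumptions, and it expects `gpg`, `sha256sum` and the OpenSSH `sftp` client with key-based login already set up.

```sh
#!/bin/sh
# Added example: encrypt a nightly export, checksum it, upload it over SFTP.
# Key ID, account, host and remote directory are placeholders (assumptions).
set -eu

# Encrypt $1 to the recipient's public key $2; writes $1.gpg beside the source.
encrypt_file() {
    gpg --batch --yes --recipient "$2" --output "$1.gpg" --encrypt "$1"
}

# Write $1.sha256 holding the SHA-256 of $1 (basename only, so the manifest
# still reads correctly in whatever directory the receiver stores the pair).
make_manifest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Receiver side: succeed only if $1 hashes to the value recorded in $1.sha256.
verify_manifest() {
    want=$(cut -d' ' -f1 "$1.sha256")
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Print sftp batch commands: upload under a .part name, then rename, so the
# receiving job never picks up a half-written file; ls leaves a log record.
sftp_batch() {   # $1 = local ciphertext, $2 = remote directory
    name=$(basename "$1")
    printf 'put "%s" "%s/%s.part"\n' "$1" "$2" "$name"
    printf 'put "%s.sha256" "%s/%s.sha256"\n' "$1" "$2" "$name"
    printf 'rename "%s/%s.part" "%s/%s"\n' "$2" "$name" "$2" "$name"
    printf 'ls -l "%s"\n' "$2"
}

# sftp -b aborts on the first failed command and exits non-zero, so the
# scheduler (cron, systemd timer) records a failed night instead of hiding it.
nightly_transfer() {   # $1 = export file, $2 = key ID, $3 = user@host, $4 = remote dir
    encrypt_file "$1" "$2"
    make_manifest "$1.gpg"
    sftp_batch "$1.gpg" "$4" | sftp -b - "$3"
}

# Run only when called with all four arguments, e.g. from cron:
#   nightly.sh /srv/export/roster.csv KEYID transfer@sftp.example.org /incoming
if [ "$#" -eq 4 ]; then
    nightly_transfer "$@"
fi
```

The checksum detects truncated or corrupted transfers; it is not a signature and does not prove who sent the file. The plaintext export stays on the sending server, so it still needs its own access controls and retention schedule.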
"A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network" (Wikipedia).
When we talk about using a VPN in a school setting, we're not discussing consumer-level VPN tools like those used for individual protection.
Some solutions in use in Texas schools:
Cisco VPN or appliance (Cisco Firepower 2110)
Microsoft Direct Access (popular)
Palo Alto Networks (popular)