the </unplugged> issue

Students’ ‘lack of awareness’ of cyberthreats puts them at risk during online learning

IT experts note ways institutions like Ryerson can better protect students against cyber threats

Experts say students lack awareness when it comes to identifying cyber threats and are calling on institutions to implement better digital literacy skills training.

The onset of the COVID-19 pandemic forced students around the world to pivot to online learning. While its remote and digital nature offers accessibility by attending class from anywhere, it also comes with increased cybersecurity risks.

Information technology (IT) specialist James Curtis at Webster University said students—especially those who are not in science, technology, engineering and math (STEM)—are behind when it comes to preparing for malware attacks.

A cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information system of another entity, according to Cisco, and can take shape in different forms with malware being the most common type.

Malware is a term used to describe malicious software, including spyware, ransomware, viruses and worms. Cisco also reported that malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.

“The only way to be able to cope with the threat [of cybercriminals] is awareness”

Curtis also said schools should consider integrating cyber safety into courses across all disciplines, citing practices such as using two-factor authentication for all login processes and ensuring that third-party applications cannot be installed on university computers without approval from the school’s IT department.

Ryerson chief information officer Brian Lesser said since 2017 Ryerson has conducted cybersecurity awareness month every October, providing cybersecurity pop-quizzes for students to prepare them in the case of a malware attack.

Lesser said, generally speaking, a university department will request to use a third-party app for a course and the IT department will do a subsequent privacy assessment on the platform to decide whether it is safe or not.

The university also carried out a series of contests that encouraged students to report fake phishing emails that were intentionally sent by the school all throughout the month.

Marcus Edwards, a former member of Ryerson’s CyberSecurity Research Lab, told The Eyeopener in 2019 that the university blocked up to 500 malicious malware email attachments every day and received one million password guessing attempts in one week.

In 2017, Statistics Canada reported that 47 per cent of cyber security incidents that year affected universities and were more likely to be impacted by malware to steal money or demand ransom payments. It also notes that 70 per cent of universities reported that their employees required additional time to respond to the attacks.

Simon Fraser University was hit with a ransomware attack in February 2020, compromising the personal information of about 250,000 students, faculty and alumni as reported by CBC.

"In 2017, Statistics Canada reported that 47 per cent of cyber security incidents that year affected universities"

Mehdi Shajari, an assistant professor in the Ted Rogers School of Management said he agrees with Curtis in that the biggest concern for students navigating the internet is a lack of education in cyber safety.

“The only way to be able to cope with the threat [of cybercriminals] is awareness,” said Shajari. “Knowledge is very important [especially] knowledge of cyber security among students.”

He also said universities need to work to help students improve their understanding of internet security.

According to Shajari, students should be particularly careful with emails from unknown senders, phone calls from numbers that are unfamiliar and open wifi networks, which he said could have been set up by hackers to obtain your information.

Statistics Canada reported that malicious hackers are exploiting the COVID-19 pandemic by sending phishing emails that appear to be related to the health crisis. The organization says these scams can range from texts or emails about vaccines, the Canada Recovery Benefit or Canada Emergency Student Benefit payments.

Since the start of the COVID-19 pandemic, Statistics Canada also determined that more than one in three Canadians have received a phishing attack.

Recently, Ryerson created Human Rights Online, a new campaign created by Human Rights Services at the university. The campaign was introduced to have a centralized list of resources for Ryerson students to consult on their online safety.

Its community members are able to file a complaint with Human Rights Services based on the discrimination and harassment prevention policy and the sexual violence policy, the university said in an email to The Eye.

Students are only able to file complaints through this service when engaging in university-related activities. However, the policy may apply to social media even if the account is not directly affiliated with the school.

Return home