Security risks from learning and working from home (and how to prevent them)

Published January 12, 2021

In December 2020, the FBI issued an announcement highlighting security threats associated with distance learning and provided recommendations for how to better secure yourself.

Print

You can read the entire announcement online at the Internet Crime Complaint Center, a service of the FBI.

Read the FBI’s announcement: “Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data”

Disruptions to virtual classes and meetings

The FBI received multiple complaints in 2020 of “interruptions [to online classes, including] verbal harassment of participants and teachers, use of offensive language, and displaying images containing pornography and violence.”

At UB, most online classes are conducted using Zoom. UBIT provides recommendations for securing meetings and handling disruptions on the UBIT website. 

Social engineering and phishing

With greater reliance on electronic communication like email between teachers, administrators, parents and students, cyber criminals see an opportunity to use phishing and other social engineering tactics to compromise devices and steal personal information.

“For example,” the FBI announcement explains, “a cyber actor can use the compromised email of a school official to request private information, send a victim to a malicious website, or convince a victim to download a malicious attachment.”

Impersonation scams of this kind have been reported at UB. Visit the UBIT website to learn how to recognize a phishing attempt, and how to protect yourself against common scams targeting the UB community.

What can I do about it?

The FBI identifies several best practices to make your distance learning and teaching experience more secure:

  • Identify points of contact at your school for technology-related questions. Contact the UBIT Help Center, online at https://www.buffalo.edu/ubit/help or by phone at 716-645-3542, with questions about any UB technology services.
  • Identify a point of contact at your school to report cyber incidents. Follow UB’s procedure for reporting suspected phishing messages at UB
  • Understand how software and firmware updates are implemented on school-issued devices. On UB-owned devices, UBIT support staff will automatically keep software up to date. If any action is required from you, we will post information about the change on the UBIT website and contact you in advance.
  • Change default passwords for school applications when permissible by the school. You can change your UBITName password using the UBITName Manager. Be sure to follow UBIT’s tips for making a secure password or passphrase
  • Consider covering device cameras when not in use for class sessions.

Also, don't forget to review UBIT's recommendations for securing meetings and handling disruptions.

Get more information about safe computing at UB

The Safe Computing section of the UBIT website has more information about securing yourself, your devices and your personal information while working and learning at UB.