Cybersecurity for students
Home Safety Tips Resources » Cybersecurity For Students

Keep your student cyber-safe

As students head to their secondary education destinations, cybersecurity may be the last thing on their minds. However, according to CyberScout®, college students’ clean credit reports, constant internet connection, and multiple social media profiles make them prime targets for cyber criminals.

Students may not realize exactly how open to attack and exploitation they are: PacketLabs, a company that tests the cybersecurity of companies and institutions, says the education sector is the least secure of the 17 industries it tracks, with multiple vulnerabilities in areas like application insecurity; outdated software; and the connection of multiple laptops, tablets, mobile phones, and other wireless devices to college and university networks. In aggregate, these flaws create multiple attack paths for cybercriminals sleuthing for chinks in an institution’s defenses.

Before classes begin in the fall, have a conversation with your student about computer safety. Here are some tips you can pass on to help them concentrate on school rather than dealing with hacks. And by the way, these steps can be helpful for anyone — not just students.

Secure it

Anyone using a computer, whether that’s a personal or school computer, should lock it — or log out — when they’re not actively using it.

Even better, physically lock up any digital devices or documents that contain personal identifiable information (PII). This can include full name, Social Security number, birthdate, phone number, and/or address. Laptop locks and security boxes can help protect laptops, tablets, USBs, and external hard drives.

Keep it in sight

Make sure devices are always in your line of sight. Even a short trip to the restroom can be chancy. A lot can happen in those few moments and it’s not worth the risk.

Register and track devices

College students are constantly on the move between classes, study spots, and side jobs. Registering devices with campus police will make it easier and faster if you need to report a missing device.

Also, many devices today come with tracking features and there are physical hardware tools to attach to it like Tile or Apple‘s AirTag. These can be an inexpensive way to add another layer to your computer's safety armor.

“Password” isn’t a good password

Weak passwords can make anyone vulnerable to hackers, students included. Once hackers have hijacked a password, they’ve got a free pass to access whatever data a computer might contain, and through that computer, information stored on a network it’s connected to. We’re constantly being reminded that a strong password is our first line of cybersecurity defense, but according to DataProt, an independent cybersecurity review site, 12345 is still being used as a password more than 23 million times.

The U.S. Cybersecurity and Infrastructure Security Agency recommends these best practices for password creation.

  • Use different passwords for each system or account you own.
  • Use the longest password or passphrase permissible by each system or account.
  • Do not use passwords that are based on personal information that can be easily accessed or guessed.
  • Do not use words that can be found in any dictionary of any language.
  • Use multi-factor authentication, which requires an extra piece of data to log in.

Check links

Students should always review suspicious links before they click on them. Red flags include links that have been shortened by a generator like bit.ly, that have strange characters, or that came from an unsolicited sender.

Anyone wanting to check out a link before they click on it can use a free or low-cost source like PSafe’s online Website Checker to help them verify its safety. There’s also Quad9, a free service that blocks contact with malicious host names listed on an up-to-the-minute roster of potential threats

Check emails for authenticity

One of the most common methods hackers use to get your information is through fake emails. Unfortunately, even the most careful person can be duped into clicking a bad email link.

Here are a couple of ways you can tell if an email is fake or malicious:

  • Don’t overreact. If an email is sent to you threatening to share your private information, don’t jump to conclusions immediately. More likely than not, a scammer is using a threat to manipulate you.
  • Check the domain name (what follows the @ symbol). If it’s spelled incorrectly (e.g. @grinnelmutual.com — there should be two ‘l’s) it’s probably a scam.
  • Look for misspellings and/or bad grammar.
  • Look closely at attachments. Do not open attachments without examining them first. Are you expecting the email and/or the attachment?

Be careful of public Wi-Fi

These days, with wireless connectivity nearly universal and free in places like coffee shops or college study areas, students should know that logging onto the internet using Wi-Fi could make them vulnerable to hackers or snoopers. 

To protect themselves, they should make sure the Wi-Fi they’re accessing is the real one provided by the business or school, and not a “spoofed” portal that’s made to look legitimate. Another possible way of thwarting hackers is using a cell phone’s hotspot to connect. When using public Wi-Fi students could also use a virtual private network (VPN), which will hide their traffic from anyone that might be monitoring the network they’re on

Learn more about cybersecurity

Want to know more? The Grinnell Mutual cybersecurity team has put together a list of tips to keep in mind when you’re looking for ways to help your student stay safe online, or to stay safe yourself.

The information included here was obtained from sources believed to be reliable, however Grinnell Mutual Reinsurance Company, SI, and its employees make no guarantee of results and assume no liability in connection with any training, materials, suggestions, or information provided. It is the user’s responsibility to confirm compliance with any applicable local, state, or federal regulations. Information obtained from or via Grinnell Mutual Reinsurance Company, SI, should not be used as the basis for legal advice and should be confirmed with alternative sources. 

6/2025