Distance learning has become the norm for schools worldwide as education leaders try to keep students and staff safe and educational goals on track in the midst of the pandemic.
It’s estimated that 70 percent of students are currently engaged in some form of online education. And it’s not clear how long this state of affairs will continue, as there is no national consensus. For many districts nationwide, it’s still uncertain whether they will return to in-person school in the fall or perhaps use a hybrid model in which some schooling is done online.
Supporting faculty, students and staff with the secure access and appropriate web filtering to study and work remotely is essential to ensuring educational continuity and security. But when this transition to remote learning was mandated, many institutions were caught without the distance learning infrastructure they needed and the means to secure it.
Adjusting to remote learning at the college/university-level is one thing; it’s quite another at the K-12th level. In fact, in some instances, schools don’t even have enough devices to distribute to students so they can participate. On top of the logistic difficulties, the shift to distance learning has created additional risk for schools and potential opportunities for the adversary.
A successful learning experience
School district IT teams can create and maintain an effective and safe distance learning environment for students and teachers by focusing on a few key areas.
• Segmenting the network: Segment your internet-facing teaching applications from your other internal applications, such as your human resources system. This way, if a breach or malware outbreak does occur, the scope of impact is limited.
• Requiring strong authentication: Enforce strong password policies (i.e., complexity, length, and expiration), enforce account lockout after failed attempts to prevent password guessing, and use multi-factor authentication where possible to prevent the misuse of stolen passwords.
• Safeguarding web applications: Exploiting vulnerabilities in applications is the easiest way for an attacker to breach your network. Scan external sites for security flaws such as cross-site scripting errors and SQL injections. Encrypt the traffic between your learning systems and your users, whether faculty, students or administrators, so information can’t be stolen in transit. Deploying a web application firewall (WAF) can protect web application servers and the infrastructure from attacks and breaches originating from the internet and external networks.
• Monitor third-party risk: Additional vulnerabilities and risk come from the third-party technologies that you use in your online learning environments. Whether it’s your learning management system or teleconferencing tools, regardless of whether they are hosted in the cloud or on-premises, perform a thorough security assessment of the vendor and their products before introducing them into your network environment.
• Watch for nefarious or atypical activities: Educational institutions new to implementing distant learning will see a significant increase in devices and external network traffic connecting to their networks. The security staff needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.
Educate your stakeholders
To keep students, faculty and staff safe online, it’s important to make sure they know at least a few basic cybersecurity steps. With younger students especially, parents will also need to be part of this education.
• Learn about and avoid social engineering attempts: Teach all stakeholders to spot attempts to steal personal and proprietary information vial email (phishing), texting (smishing) and phone (vishing).
• Practice good password hygiene: Teach all network users to use strong passwords that aren’t obvious, like your birthday, or the default passwords provided with devices. Never use the same password on multiple accounts and devices. And never share a password with anyone – even individuals claiming to be on the IT team.
• Keep devices updated: Regularly update all devices and applications with patches, and ensure any antivirus/malware software is current and operational.
• Be wise with public networks: There are many free public internet connections anyone can use to jump online. However, they may not be secured. In addition, cybercriminals will often spoof these sorts of networks. So, it’s essential to check with the establishment to ensure the network is legitimate, and when possible, use a VPN connection to access or transmit data. To that end, it is essential that any distance learning tools – both the front end used by students and the back end used by teachers – support SSL VPN and strong authentication.
Parents should not assume that their kids know more than they do when it comes to technology and should be actively be involved in their online life.
Ensure kids understand safe online behavior that includes:
• Not posting personal information like your address, school information, or pictures without checking with a parent first
• Never meeting up with people they meet online
• Be cautions when it comes to downloading software and only visiting trusted sites
• Don’t post or respond to hurtful messages
Implementing a virtual learning plan for your school or district ensures your systems are capable of conducting classes. Doing so safely requires putting proper cybersecurity protocols in place. Use the best practices noted above as a starting point for a digital learning environment that will help you weather any storm.