Addressing remote learning security as COVID-19 continues

With the 2020-2021 school year underway, many K-12 educators, administrators, students and families are facing an indefinite period of remote learning. While there are numerous challenges arising from this new academic environment, chief among them is this unfortunate reality of our times: hackers are always looking for ways to capitalize on a crisis.

In the early days of the pandemic, as diagnoses increased, so too did coronavirus-related scams. As a senior FDA official recently outlined, “In the past months, we have seen an unprecedented proliferation of fraudulent products related to the COVID-19 pandemic, and more than ever before, the internet is being used as the primary vehicle for marketing these unproven products.”

These scams aren’t limited to fake testing kits or unapproved vaccines; hackers are also preying on consumers’ fear and confusion to lure them into phishing schemes and malware attacks. Within the K-12 sector specifically, the FBI recently issued an alert warning that “…cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.”

In this environment, it’s imperative that schools are cognizant of remote learning security vulnerabilities but it’s equally critical that families know how to address them. That’s why schools must educate their communities about these threats as part of their continued remote learning communication.
With that in mind, following are a few common remote learning security threats–and tips for ways to address them.

● Phishing Attacks. Research on pandemic-related security concerns found that 44 percent of respondents have noticed an increase in emails from unknown sources and calls and texts from unknown numbers. This is a common marker of phishing attacks, scams in which hackers pose as companies or trusted individuals offering a legitimate coronavirus-related service in an attempt to trick recipients into sharing credit card information or other personal data. It’s important that schools educate their communities about this threat, particularly as many younger students may be interacting with email for the first time with the shift to remote learning.

Encourage students, parents and guardians to check for grammar, punctuation and formatting errors in all communications. It’s also a good idea to review links before clicking on them and look for things like dashes, extra characters, or additional letters and numbers. Right-clicking or hovering the mouse over the email address itself can also provide clues—for example, are there multiple letters or numbers that don’t appear to belong? Finally, schools should encourage their communities to reach out directly to them, the third-party digital resource, or any other company in question to determine the authenticity of the communication if they harbor any doubts. Creating a Slack or Google page to track scams can also be helpful in preventing phishing attacks.

● Unique Passwords. It’s extremely common for students to create simple, easy-to-remember passwords and reuse them across multiple online accounts. However, if those credentials have been exposed in a previous breach, hackers can easily use them to access these accounts, all the data they contain, and potentially even infiltrate the home network from there. With a large percentage of K-12 students learning remotely, creating new digital accounts and accessing more educational resources online, the need for strong, unique passwords is more critical than ever in remote learning security efforts.

To help families guard against this threat, schools must lead by example and first encourage them to change any school-created passwords to something of the student and/or parent’s choosing. Also, any communication introducing a new digital resource should stress the importance of unique credentials to accompany it. Password manager solutions can be extremely helpful in this situation, particularly for families with multiple children participating in remote learning programs.

● Streaming Services. Whether it’s a third-grader taking a movement break with GoNoodle, an eighth-grader taking a virtual field trip to the San Diego zoo, or a high-schooler researching a science presentation on YouTube, the use of streaming services for academic purposes is skyrocketing during the pandemic. It’s important that families are mindful of the inherent remote learning security vulnerabilities, and also apply them to other connected devices like voice assistants and gaming consoles.

One important remote learning security recommendation is to make sure all software is updated. Review the privacy settings on all devices to ensure they opted out of any data sharing settings. In addition, schools should encourage families to mute the microphones on their voice assistants when not actively utilizing the devices. Another way to strengthen smart home security is by creating a separate network for connected devices so that they are not on the same one as computers and smartphones. Finally, as mentioned above, it’s important to ensure that all streaming devices are protected by a strong, unique password.

When the pandemic first forced schools online in March, there was little time for planning or instituting security protocols. The 2020-2021 school year is a different situation, however. Drawing on the lessons learned in the spring, administrators have devised plans to address broadband access, the need for additional computing devices, and other remote learning requirements. They must also ensure that best practices in remote learning security are taken into consideration. Parents and guardians have a lot on their plates, so it’s essential to present this information in a way that doesn’t induce fear but nevertheless underscores the severity of the situation.

By following the considerations outlined above, schools can provide their communities with actionable tips that are easy to implement but can go a long way in protecting online and remote learning security.

Hackers will continue to look for ways to exploit the pandemic, so schools need to stay a step ahead and be proactive in their approach to helping students and families safeguard their data.