Securing Remote Learning For The College Crowd

By Renee Tarun, deputy CISO, Fortinet.

Renee Tarun

The disruptions to our society due to the coronavirus pandemic include significant impacts to education. Universities and colleges around the world have had to adjust to the reality of remote learning, at least for the foreseeable future.

The nation’s largest four-year college system, California State University, announced in May that instruction will primarily be conducted online this fall, and many other institutions are following suit. It’s now estimated that 70% of students are currently engaged in some form of online education.

This shift to digital learning has introduced a steep learning curve that many institutions that were unprepared for. Schools are working quickly to not only build the curriculum and content necessary to support online courses, but to also build the distance learning infrastructure needed by faculty and students to ensure simple and seamless remote access to this content. The challenges are, how to do this at scale, and how to do it securely.

The need to provide distance learning, and to do it quickly, has introduced new risks for educational institutions while creating potential opportunities for cyber adversaries. Schools have long been a target for cybercriminals. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering and denial of service attacks.

The changes brought about by the pandemic only compound those existing challenges. Based on recent information released in the latest Global Threat Landscape Report from FortiGuard Labs covering the first half of 2020, education comes in third, only after telecommunications providers and managed security service providers (MSSPs), in the percentage of institutions detecting ransomware.

Making Distance Learning Secure

Cyber adversaries have refocused their criminal efforts to take advantage of the new remote work and education environment resulting from the COVID-19 pandemic. They’re targeting the vulnerable devices and home networks of remote users looking to use those systems to open a back door into the core network.

This is evidenced by the significant increase in attacks targeting such things as consumer-grade routers, personal IoT devices, and components such as DVRs connected to home networks detected during the first half of 2020. Threat researchers are also seeing a spike in older attacks designed to exploit vulnerabilities in the often unpatched devices on home networks.

In fact, 65% of detected threats were from 2018, and a quarter of all detected attacks targeted vulnerabilities from 2004.

Naturally, the ability to securely support a remote learning policy is an essential component of any continuity and disaster recovery plan. However, to ensure that networked resources of colleges and universities, as well as those of remote faculty and students, are protected, these new realities need to be taken into account.

Here are several basic steps every educational institution needs to implement to effectively and securely set up and maintain a remote, e-learning environment. These include:

Implement Safe Learning Practices

In addition to technologies, you will also need to ensure that faculty, students, and staff are familiar with cybersecurity basics to ensure they remain safe in an environment where they are being particularly targeted by cybercriminals. No online course is complete without having some form of cybersecurity education in the syllabus.

This includes things like proper password hygiene, ensuring that required security software is current and operational, and that devices and applications are updated with patches.

They will also need to know how to exercise caution with public networks, especially in places like coffeehouses and cafes where students like to live, in addition to hotels and airports, etc. Insisting that they use a VPN connection to access or transmit data is essential, as is ensuring that any distance learning tools – both the front end used by students and the back end used by teachers – support SSL VPN and strong authentication.

And finally, help them learn how to identify social engineering and spot attempts to steal personal and proprietary information through email (phishing), texting (smishing), and phone (vishing) attacks.

Be Prepared to Go the Distance

In this time of distance learning, cybersecurity must remain a top concern if you are to protect students, faculty, and valuable digital assets. The ability to support everyone involved in the educational process through the addition of secure access, appropriate web filtering, and powerful backend detection and inspection tools that complement remote study and work is essential to ensuring continuity, security, and positive user experience.

By observing basic security protocols and educating staff, faculty, and students about good security hygiene, you will help every concerned transition smoothly and safely into remote learning.

Write a Comment

Your email address will not be published. Required fields are marked *