By Renee Tarun, deputy CISO, Fortinet.
The disruptions to our society due to the coronavirus pandemic include significant impacts to education. Universities and colleges around the world have had to adjust to the reality of remote learning, at least for the foreseeable future.
The nation’s largest four-year college system, California State University, announced in May that instruction will primarily be conducted online this fall, and many other institutions are following suit. It’s now estimated that 70% of students are currently engaged in some form of online education.
This shift to digital learning has introduced a steep learning curve that many institutions were unprepared for. Schools are working quickly not only to build the curriculum and content necessary to support online courses, but also to build the distance learning infrastructure needed by faculty and students to ensure simple and seamless remote access to this content. The challenges are how to do this at scale and how to do it securely.
The need to provide distance learning, and to do it quickly, has introduced new risks for educational institutions while creating potential opportunities for cyber adversaries. Schools have long been a target for cybercriminals. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering and denial of service attacks.
The changes brought about by the pandemic only compound those existing challenges. Based on recent information released in the latest Global Threat Landscape Report from FortiGuard Labs covering the first half of 2020, education comes in third, only after telecommunications providers and managed security service providers (MSSPs), in the percentage of institutions detecting ransomware.
Making Distance Learning Secure
Cyber adversaries have refocused their criminal efforts to take advantage of the new remote work and education environment resulting from the COVID-19 pandemic. They’re targeting the vulnerable devices and home networks of remote users, looking to use those systems to open a back door into the core network.
This is evidenced by the significant increase in attacks targeting such things as consumer-grade routers, personal IoT devices, and components such as DVRs connected to home networks detected during the first half of 2020. Threat researchers are also seeing a spike in older attacks designed to exploit vulnerabilities in the often unpatched devices on home networks.
In fact, 65% of detected threats were from 2018, and a quarter of all detected attacks targeted vulnerabilities from 2004.
Naturally, the ability to securely support a remote learning policy is an essential component of any continuity and disaster recovery plan. However, to ensure that networked resources of colleges and universities, as well as those of remote faculty and students, are protected, these new realities need to be taken into account.
Here are several basic steps every educational institution needs to implement to effectively and securely set up and maintain a remote e-learning environment:
- Segment the network: Internet-facing teaching applications need to be segmented away from your other internal systems and applications, such as HR and administration. This way, if a breach or malware outbreak were to occur, the scope of impact would be limited.
- Make authentication strong: Cracking passwords can be done in a matter of seconds due to advances in hardware processing power. This is part of the reason why there are mountains of stolen credentials for sale on the dark web, with more being added every day. It is essential, therefore, to enforce strong password policies (including complexity, length, and guessability, as well as regular expiration timing), to enforce account lockout after failed attempts to prevent password guessing, and to use multi-factor authentication wherever possible to prevent the misuse of stolen passwords.
- Secure web applications: Because most employee email is still being routed through secure email gateways, web-based attacks have replaced email as the primary attack vector being used by criminals in 2020. Organizations need to scan external sites for security flaws such as cross-site scripting errors and SQL injections. A web application firewall (WAF) may be a critical investment, protecting web application servers and the infrastructure from attacks and breaches originating from the internet and external networks. And it’s equally important to encrypt the traffic between learning systems and users – whether faculty, students or administrators – so information can’t be stolen in transit.
- Browsers are targets, too: For many attackers, the shift to remote work has enabled them to more effectively target unsuspecting individuals. Because this year’s phishing campaigns rely on web-based malware, phishing lures and scams ranked in the top for detected malware through June. This is an example of cybercriminals targeting their attacks for when individuals are the most vulnerable and gullible – browsing the web from home. Web browsers need to be hardened, and organizations should consider using a cloud-based web security gateway to ensure that web browsing is consistently secured whether users are on or off the network.
- Watch for unusual or malicious activities: If distance learning is new to your institution, your IT security team will now see a significant increase in devices and external network traffic connecting to your network. Because of this additional noise, your staff will need the resources that enable them to be extra aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.
- Pay attention to third-party risk: Additional vulnerabilities and risk to your enterprise network may result from the third-party technologies that you use in your online learning environments. Whether it’s your learning management system or teleconferencing tools, regardless of whether they are hosted in the cloud or on-premises, it is absolutely essential that you perform a thorough security assessment of the vendor and their products before introducing them into your network environment.
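To make the account lockout and activity monitoring steps above concrete, here is an added example (not from the original article or from any Fortinet product) that scans authentication and transfer events for repeated failed logins and for downloads far above an account's usual size. The log format, account names, addresses and thresholds (5 failures in 10 minutes, 10 times the median transfer) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events (not real data): time, account, source IP, event, bytes
RAW = """\
2020-09-01T08:00:00 jdoe 203.0.113.7 login_fail 0
2020-09-01T08:00:20 jdoe 203.0.113.7 login_fail 0
2020-09-01T08:00:41 jdoe 203.0.113.7 login_fail 0
2020-09-01T08:01:02 jdoe 203.0.113.7 login_fail 0
2020-09-01T08:01:30 jdoe 203.0.113.7 login_fail 0
2020-09-01T09:40:00 asmith 198.51.100.4 login_ok 0
2020-09-01T10:00:00 asmith 198.51.100.4 download 40000
2020-09-01T11:00:00 asmith 198.51.100.4 download 52000
2020-09-01T12:00:00 asmith 198.51.100.4 download 47000
2020-09-01T23:30:00 asmith 192.0.2.99 download 900000000
"""

def parse(raw):
    for line in raw.splitlines():
        ts, user, ip, event, size = line.split()
        yield datetime.fromisoformat(ts), user, ip, event, int(size)

def lockout_candidates(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with `threshold` failed logins inside a sliding `window`."""
    recent, flagged = defaultdict(deque), set()
    for ts, user, _ip, event, _size in events:   # events must be time-ordered
        if event == "login_ok":
            recent[user].clear()                 # a success resets the counter
        elif event == "login_fail":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:            # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.add(user)
    return flagged

def large_transfers(events, factor=10, min_history=3):
    """Transfers more than `factor` times the account's median so far."""
    history, alerts = defaultdict(list), []
    for _ts, user, ip, event, size in events:
        if event != "download":
            continue
        past = history[user]
        if len(past) >= min_history and size > factor * median(past):
            alerts.append((user, ip, size))
        past.append(size)                        # baseline grows with each transfer
    return alerts
```

Calling `lockout_candidates(list(parse(RAW)))` and `large_transfers(list(parse(RAW)))` on the sample flags the account with five rapid failures and the single oversized download from a new address.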
Implement Safe Learning Practices
In addition to technologies, you will also need to ensure that faculty, students, and staff are familiar with cybersecurity basics to ensure they remain safe in an environment where they are being particularly targeted by cybercriminals. No online course is complete without having some form of cybersecurity education in the syllabus.
This includes things like proper password hygiene, ensuring that required security software is current and operational, and that devices and applications are updated with patches.
They will also need to know how to exercise caution with public networks, especially in places like coffeehouses and cafes where students like to live, in addition to hotels and airports, etc. Insisting that they use a VPN connection to access or transmit data is essential, as is ensuring that any distance learning tools – both the front end used by students and the back end used by teachers – support SSL VPN and strong authentication.
And finally, help them learn how to identify social engineering and spot attempts to steal personal and proprietary information through email (phishing), texting (smishing), and phone (vishing) attacks.
Be Prepared to Go the Distance
In this time of distance learning, cybersecurity must remain a top concern if you are to protect students, faculty, and valuable digital assets. The ability to support everyone involved in the educational process through the addition of secure access, appropriate web filtering, and powerful backend detection and inspection tools that complement remote study and work is essential to ensuring continuity, security, and positive user experience.
By observing basic security protocols and educating staff, faculty, and students about good security hygiene, you will help everyone concerned transition smoothly and safely into remote learning.