Cybersecurity Considerations for Remote Learning

Jun 25, 2020 by

In the past few months, essentially, the entire world has changed in some pretty drastic ways. Even as the world tries to get back to a sense of normalcy, some changes from the coronavirus pandemic may stick around, like remote learning.

With that comes considerations such as cybersecurity for remote learning.

In a normal situation, there is a multitude of regulatory guidelines educational institutions must adhere to, to protect data and information. For example, there’s something called the Gramm-Leach-Bliley Act or GLBA. GLBA compliance for higher education means that learning institutions have to follow certain guidelines because they participate in financial activities outlined in banking law.

It can all get complicated pretty quickly, but cybersecurity situations are usually only designed for in-person learning and traditional academic settings.

What new considerations have to be thought about with more remote learning likely to take place in the fall at all educational levels?

The Risks Are Real

An educational institution that’s considering or is already doing remote learning at any level should be aware of the potential risks and cybersecurity threats. No organization is immune, and the FBI recently issued a public service announcement saying they anticipate cyber actors will exploit the growing use of virtual learning environments as a result of covid-19.

The FBI, in its advisory, told academic organizations and institutions should always consider the risks associated with using any digital tools for remote learning. This includes risks on both the teacher and the student side of things.

Remote learning increases the attack surface of the entire education community. One mistake on the part of one person in a school district network could lead to a serious data breach or infection.

Risks can be simple—for example, phishing emails remain one of the top ways hackers exploit systems.

Conduct a Risk Assessment

Any learning organization needs to do a risk assessment now and then set times to do them at regular intervals into the future, particularly as the world of remote learning is probably only going to continue increasing in popularity.

You can do an audit to see any potential issues, particularly as they pertain to cloud security.

Think about where gaps might exist. For example, maybe both students and educators are using their own devices, instead of devices owned by the district or institution. Maybe work is being done on unsecured networks, or there are issues with keeping software and devices updated.

If you can identify gaps, you’re better equipped to address them proactively.

You might think about having a third-party risk assessment done because it will give you a better idea of where vulnerabilities truly exist.

Create Guidelines

As schools and other academic institutions are creating and implementing remote learning plans, they should make sure they include cybersecurity guidelines within those plans. Guidelines need to be addressed to administrators, teachers, and students.

If you’re using third-party vendors and resources, you need to make sure they have the proper data security and compliance protocols in place.

Many school districts are starting to put together lists of approved remote learning resources and vendors.

Provide continuous updates, educational materials, and training to everyone who will be accessing educational resources.

Create Password Protocols

Passwords go a long way for cybersecurity. You should make sure that your faculty and staff as well as all students are required to adhere to best practices for cybersecurity. School districts and learning institutions should also use multi-factor authentication when possible.

Create Visibility

All education institutions need to put their focus on not just preventing cybersecurity attacks, but also creating visibility. If you can’t see something, you can’t prevent or measure it.

How you decide to facilitate that visibility can vary, but it needs to be a priority.

Covid-Specific Scams

Finally, there are not only existing threats to be aware of in remote learning, but some cybercriminals are exploiting the covid crisis itself. Send out regular newsletters or email updates to all stakeholders including educators, students, and parents about scams as you learn of them.

For example, let everyone know where they should go for information and speak out on the prevalence of inauthentic information sources.

Let everyone know that IT staff for the district or school won’t ask for login credentials via email.

You might also think about enabling email setters for Sender Policy Framework, and Domain Keys Identified Mail, which will provide validation that emails are being sent from authorized mail servers.

There’s a lot to build into remote learning plans, and cybersecurity should be at the top of the list.

Print Friendly, PDF & Email

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.