By Tim Mullahy, Liberty Center One:
Although the school year is starting to kick off across the United States, the threat posed by the coronavirus pandemic is far from over. As reported by The Guardian, we’ve recently seen a massive surge in COVID-19 cases amongst children, and evidence indicates that reopening schools will exacerbate this.
Not surprisingly, this means that many districts are choosing distance learning as a safer alternative. By allowing students and teachers to connect with one another remotely, schools can help curb the pandemic’s spread among children. However, this approach is far from risk-free.
When you think about the ideal target for cybercrime, what’s the first thought that comes into your mind? Maybe it’s a bank, a law firm, or a hospital. Maybe it’s an organization with valuable trade secrets to steal or a government agency that manages critical infrastructure.
You probably don’t think about schools. But you should. From elementary schools through to colleges and universities, educational institutions are, believe it or not, an attractive target for criminals.
Education, generally speaking, does not put as high a priority on cybersecurity as other industries. This makes schools a comparatively easy target. And the return for a successful attack can still be significant.
Criminals could make off with personally-identifiable information about students, financial data and payment cards from parents and staff, and monetary kickback through ransomware, just to name a few. Alternatively, a student who simply doesn’t want to take an exam might choose to target their school’s network with a Distributed Denial of Service (DDOS) attack, knocking everything offline.
In light of this, it’s extremely important that you take the necessary steps to create a remote learning experience that’s as secure as possible.
- Remote access.
- First, you need to determine how your students will access their online classroom. Will they be actively taught through a zoom call? Will they access the school’s network via a VPN or a remote desktop app? What role do you want cloud software to play in student education?
- DDOS Mitigation.
- A DDOS attack is incredibly easy to execute, making it an ideal tactic for someone with a minimal understanding of cybersecurity. It’s therefore imperative that the school invest in a DDOS mitigation solution, provided you have the budget for it. This can take the form of an onsite appliance or a Software-as-a-Service (SaaS) application.
- Policies and processes.
- Staff and students alike should have strict guidelines for using and accessing the school’s network. These guidelines should include everything from the school’s password policy to its incident response process. Cybersecurity publication Security Boulevard provides excellent guidance on applying the National Institute of Standards and Technology (NIST) framework to K-12 schools.
- Data visibility.
- Many educational institutions make liberal use of platforms such as Dropbox or Google Drive. While these are certainly valuable tools for collaboration, they also present a glaring problem — you have no real visibility into how files are accessed and shared. For this reason, it may be worthwhile to invest in a file-centric security tool that allows you to maintain control over data wherever it goes.
- Multi-factor authentication.
- Passwords alone are not enough to keep your school’s network and students safe. You need to add an extra layer of authentication as well. The simplest way to do this is via an app like Google Authenticator, though you may also consider instituting behavioral or locational authentication as well.
- Due diligence with vendors.
- If your school intends to utilize any applications or platforms as part of its remote learning suite, you must first do your homework. Make sure each vendor you partner with is above-board and places a priority on data security and privacy. Check online for reviews that might give you a hint as to a vendor’s level of quality.
- Regulatory compliance.
- As an educational institution, you are subject to a wide range of regulatory frameworks. These include The Family Education Rights and Privacy Act, the Freedom of Information Act, and if you’re an institution of higher learning, the Gramm-Leach-Billey Act. Email archival expert Jatheon has put together an excellent checklist with guidelines for all three frameworks.
- Device security.
- At a minimum, each student device should have antimalware software installed, and home networks should be firewalled. You might consider emailing parents a general list of best practices for home network security.
- Mindfulness training.
- You cannot guarantee that students and staff will always be safe when browsing the web. However, you can provide basic cybersecurity training. For faculty, this can be done in an official capacity, whilst students can be sent guidelines or even taught general best practices as part of their coursework.
COVID-19 isn’t going away anytime soon. At the same time, we cannot afford to keep students out of school for much longer. Coupled with proper cybersecurity, remote learning provides a potential solution to both problems, preventing an outbreak amongst children and adolescents while also allowing them to keep growing, learning, and advancing.
About the Author
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.