As colleges and universities approach the fall semester, COVID-19 has complicated cybersecurity measures.
This semester, higher-ed institutions around the world have struggled to keep up with the digital demands of remote learning. As these organizations build the infrastructure that will support distance learning moving forward, it’s more critical than ever for the education industry to consider the safety and security of its students and faculty members as we look ahead to how COVID-19 will continue to impact learning institutions.
College campuses have long been a target for cyber threat actors. In fact, EDUCAUSE reported that the number-one IT issue academic institutions face in 2020 is adopting a sound information security strategy. It’s no wonder, considering the rise in faculty and students bringing their own devices (BYOD) over the past decade, coupled with universities’ often insufficient funds to adequately secure campus networks.
And the amount of sensitive data that needs to be safeguarded has risen in lockstep with the number of devices. Academic institutions are a treasure trove of data — from student health and financial data, to faculty resumes and 401(k) information, to critical research and organizational data used to support U.S. companies and government agencies.
Now, in the age of COVID-19, all of this information is even more vulnerable as students and faculty access it via remote, at-home networks that often lag behind on-campus facilities in terms of security.
Academic institutions are aware that remote learning is likely here to stay for the foreseeable future, with campuses across the U.S. deciding to keep students home through the summer and even the fall semesters. With that expectation on the horizon, schools need to start making important decisions now about how to reinforce their IT security for the months ahead — especially when you consider the impact education has on communities, from job security for faculty and staff to talent development for the next generation of innovators.
Beyond the crisis, academic institutions must also consider how COVID-19 has forever changed the classroom environment. Once schools have made the necessary investments to bolster their IT and security infrastructure to support off-campus learning, is a 100% return to campus even viable?
Here are a few key strategies to help higher-ed institutions understand their critical cybersecurity infrastructure and protect remote learners and teachers from today’s greatest cyber threats, both now and going forward.
Remote learning’s biggest threats
As students and teachers across the U.S. wrap up the school year from home, academic institutions need to think critically about their biggest cybersecurity challenges, especially as summer classes approach and conversations about continuing remote learning into next fall ensue.
Emails, PDFs and Office documents, for example, are the most common threat vectors used by cybercriminals — and students can fall victim to social engineering, phishing attacks, ransomware and email fraud without the right protections in place. Similarly, as students receive instruction and emails from their schools and professors (and even the online learning platforms they use to complete assignments), they are not necessarily on high alert to keep an eye out for phishing scams. Data breaches are another serious risk, as students and professors increasingly use personal devices on remote networks.
At this time, it’s critical for academic institutions to understand the implications of a weak cybersecurity infrastructure and take critical steps to protect at-home users and endpoint devices. They must take it upon themselves to enhance cyber awareness throughout their organization and practice good cyber hygiene. This is not only important for protecting students’ sensitive data, but also for ensuring business continuity — particularly for higher education institutions where ongoing faculty communications, adviser roles and critical research must continue in between semesters.
Consider the cloud
Ironically, the sudden jump to remote learning coincides with the ongoing cloud business transformation. For higher-ed institutions — especially those with tighter IT budgets — the benefits of moving to the cloud are extensive, including cost savings, ubiquitous security coverage on and off campus, greater agility, maximum uptime and easy deployment.
This is especially critical for the storing and sharing of critical information developed by university researchers for business and government use. While universities must open up lab data and resources for students and faculty to continue their important research at home, it’s difficult to ensure that this information — previously reinforced by physical buildings and on-prem solutions —doesn’t fall into the hands of threat actors or nation-states.
With that, protecting students and faculty is central to defending these core resources. Academic institutions should consider deploying cloud-based security services to protect their entire organization from advanced email threats (regardless of location) and secure sensitive student and employee data by enforcing multifactor authentication, strong encryption, data protection and compliance policies.
Additionally, as schools plan to keep their doors closed for the summer and potentially fall semesters, they are naturally thinking about moving additional resources to the cloud. Given that students and faculty are prone to using Google and other file-sharing services that are typically not covered by network security infrastructure, academic institutions should consider deploying Cloud Access Security Brokers (CASBs) as an added layer of protection for sensitive information stored in and shared via the cloud.
Ensure strong endpoints
Finally, academic institutions should consider deploying endpoint protection capabilities to secure devices that connect and interact with school applications and data. Endpoint protection platforms are critical for protecting endpoint devices against malware and enabling continuous behavioral monitoring.
Because remote learning has required academic institutions to leverage productivity and collaboration applications like Slack and Zoom, school IT departments need real-time visibility of these applications and any vulnerabilities found on them in order to halt potential threats. This will enable school IT administrators to prioritize what applications to patch, and even enable blacklisting of processes that are launched by unauthorized applications — e.g., if students or professors seek tools or platforms that are not managed by the school. Visibility and control of applications is crucial, because threat actors will always be looking for vulnerable versions of applications running on user endpoints.
These are just a few strategies academic institutions and online learning platforms should consider as they look ahead to the next phases of the COVID-19 response and, potentially, continued remote learning. Reinforcing the cybersecurity infrastructure needs to be the number-one priority if these institutions want to maintain the trust and security of students and faculty long after the crisis is eradicated.
This blog originally appeared on the eCampus News website and is reposted with permission.