The global health crisis has catapulted the entire world into a new version of normal. For those in education – teachers, students, and administrators – the focus is on how to securely and safely provide remote learning experiences to the millions of students in the United States.
As teachers adjust lesson plans, students adjust learning methods, and administrators map out what the future will look like, IT teams in education are working hard to ensure that everyone can securely access the distance learning tools required for the new “classrooms in the cloud.”
As learning institutions adopt remote learning tools, leaders are beginning to inspect the applications and systems used to execute remote learning more closely. Not only should the tools be under scrutiny, but IT teams should be ready to handle the new behavioral patterns of the market in the move to the cloud. For example, the need to defend against cybercriminals that see vulnerabilities as new opportunities, as evidenced by a 148% spike in ransomware attacks.
For the IT professionals responding to this unprecedented event, there are several ways they can prepare for increased cybersecurity risks. Here are eight things IT teams can do when it comes to connectivity, security and privacy.
Only Use Secure WiFi Networks
Every single IT team in education should explain to their school district staff and employees the importance of securely connecting to a private home WiFi network and not a public WiFi hotspot. Using an unsecured hotspot significantly reduces privacy, and opens you up to potential hackers.
Set-Up a VPN
With a small investment, school districts can help their teachers set up a Virtual Private Network (VPN), which allows them to safely send and receive information on a public server. This can help secure employees’ personal devices. A VPN can also encrypt the data being sent back to district offices, as well as scan for malicious software and ransomware. Setting up a VPN for your staff will help secure information and access to IT tools from cybercriminals.
Create Stronger Passwords
As school staff settles into remote teaching, now is the perfect time to remind them to update their passwords beyond “123456.” Remind them that easily hackable passwords make them easy targets for hackers scanning home WiFi networks. IT teams should have each employee implement high-security protection on their personal devices and desktop home computers.
Create & Share “Best Practices”
As the education sector enters the cybernated world, IT teams can help those unfamiliar with the tools and applications used to facilitate remote learning by establishing best practices, and sharing them with everyone. Teachers and faculty may not be as familiar with security best practices when it comes to digital communication. Both Microsoft and Google have released a resources page you can share with staff members.
While at home, teachers or administrators may happen upon an application or tool that they feel will improve their workflow or collaboration with students. Be sure and have the conversation ahead of time about downloading unknown applications or software to their computers or to work-provided devices. Explain that there is an inherent danger to downloading an unknown program that may contain a security error. Remind your team that your job as IT is to vet all of the collaboration tools the district is using, and ensure they are safe and secure.
Discuss Software Updates
Have a plan on how you will have employees handle software updates and patches while they are working from home -- should they wait or should they go ahead and implement updates as soon as they are available. Make sure the messaging is clear to everyone. Explain to them that updates can help protect data, and patch any security errors.
Backup Your Data in Microsoft Office 365 or G Suite
Less face-to-face contact with staff can mean more opportunity for accidental deletions of business-critical data. For example, a staff member, teacher or student who isn’t used to working primarily online might accidentally delete a shared project. A project could also easily be overwritten or corrupted by users or rogue third party apps. While your team is getting adjusted to a new work process, the more protection the better. For that reason, it’s imperative to have a backup and recovery plan that includes the protection and restoration for all your cloud-based data.
Don’t Fall For Phishing
Make sure employees don’t fall for phishing emails. Now is the perfect time for cybercriminals to exploit the pandemic by sending malicious links to unsuspecting employees. As more people work from home, hackers will become even more clever with phishing attempts by sending official-looking emails from school officials. Teach employees how to spot phishing emails and if they see an attempt that looks suspicious, ask employees to report it immediately. Phishing allows criminals to take over control of computers, and perhaps even find a way to access sensitive data.
The ability to successfully provide remote learning experiences to students could prove to be valuable in the future, as school districts realize the practicality of being able to teach students from a distance. By developing the most protected remote learning protocols now, school administrators will be able to execute the same experience during other unexpected school closures, such as blizzards and natural disasters.
It may have taken a pandemic to highlight the need for enhanced security and privacy in the digital space, but it’s something every school district should be concerned about.
In 2019, more than 500 schools in the U.S. were hit with ransomware attacks, based on a report by Armor. School districts are already in the cross-hairs of cybercriminals looking for vulnerable, aging servers and longstanding system vulnerabilities, according to ArsTechnica.
School districts have to start thinking about their place in the digital world, and how they are managing the data of the millions of students entrusted to their care. If they haven’t done so already, officials in education need to start thinking about backing up data, ensuring business continuity, and how to protect the personal information of their students and teachers.