5 Ways to Protect Online Learning Environments

As most schools continue to provide online learning during COVID-19, here are some ways to keep students and systems protected

Remote work has become a way of life for many office and call center employees in the wake of the COVID-19 pandemic. As the school year began this fall for most students, it became clear that many schools would be at least partially remote for the foreseeable future. This past spring brought educational safety and security into question with issues such as Zoom Bombing and an array of data breaches, including Columbia College in Chicago, University of California and even Mountain View High School in Mountain View, California.

Cybersecurity Live - Boston

Online Learning Protection

As educational institutions from preschool through college are making moves to continue with online learning as the pandemic continues, there are a few ways they can ensure the safety of their staff and students as well as the security of their data.

Update Everything

One of the easiest ways to ensure safety and security of data and individuals is to keep applications up to date. Most updates include security patches to prevent insecure code from being exploited. In some cases, this could even include new features to allow better control, as we saw when Zoom vulnerabilities were being exploited earlier this year. Keeping all software, including operating systems, updated ensures that you are patched against any known vulnerabilities that could be exploited by malicious actors.

While schools will only have the ability to force updates on owned equipment, there should be a districtwide update policy and procedure in place for any systems they have control over. Beyond that, students and parents of minor students should be educated on ensuring all software and devices on their home networks are kept updated.

Control Access

While many access control features are already in place, there are some aspects of access that can be easily overlooked. Any applications being utilized for cyber education should incorporate URL filtering features to prevent access to known malicious websites or IP addresses as well as those that could be inappropriate for an educational environment. While a school or districtwide solution will likely cover most of the need for access controls, URL filtering may need to allow instructors to adjust the requirements for their individual classes.

Secure File Sharing

Whether they are in primary school, secondary or college, students taking part in online learning will need to have a secure method of submitting files to instructors or even classmates. This means there will need to be data retention policies in place mandating how long files submitted by students are retained on the servers. Practices also should be in place to secure the data on servers and in transit. Uploads should be done only through a secure connection such as over HTTPS or an authorized VPN. Once uploaded, data should be encrypted on the servers to ensure it is not usable in a data breach event.

File-sharing is one aspect that will require that the end user be considered in the solution. While high school and college students will likely be able to understand how to ensure processes are followed properly, elementary school students may need an easy-to-use solution. Different age groups or class types may need customized solutions to fit their individual needs.

Keep Backups

Along with adequate cyber protection to secure against breaches and malware, backups are a crucial step to take in securing data. Ransomware attacks accounted for 80% of malware infections in education over 2019, according to the “Verizon 2019 Data Breach Investigations Report,” and 75% of data compromised was of a personal nature. A backup solution with integrated anti-malware protection can help prevent most malware attacks, including those that target backup systems, and help get your systems restored from backups in a relatively short amount of time after an attack.

It is also worth considering how your facilities will fare in the midst of the storm season. This year has been one of the busiest storm seasons on record, which means heavy winds and rains are bringing power outages and damage in the form of hurricanes, tornadoes and flooding. Critical systems may be down temporarily, but having data backed up ensures minimal downtime and the ability to become fully operational without having to recreate data or deal with data loss. While all school and district systems will need backups, a simple solution for restoring class-level backups should also be considered.

Prepare for Disasters

In the cybersecurity world, we have a saying: Assume breach. This does not mean that we walk around being paranoid about every anomaly or spend sleepless nights worrying about what we might have missed that could let an attacker into the network. What it means is that we are always prepared to respond to a data breach and have a plan in place for who will handle what aspects of the triage and how. Proper incident response and disaster recovery plans are a must for any business and are, in many ways, even more critical for educational institutions.

Proper incident response plans and disaster recovery plans will cover exactly who is responsible for each aspect of the response and how they will address the response. This includes district-, campus- and classroom-level responses. The plans will also include specific details on when and how to communicate details as well as who to escalate different scenarios to, and steps to take in restoring access and services.

With online learning continuing in many schools, it is time to consider the additional measures required to protect schools, students and staff. While schools were primarily designed for in-person instruction, most of the security measures taken were focused on administrative systems. While this is a great start, these measures now have to be stretched to cover not only district and campus cyber protection but also the virtual classroom and individuals.

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Topher Tebow

Topher Tebow is a cybersecurity analyst, with a focus on malware tracking and analysis. Topher spent nearly a decade combating web-based malware before moving into endpoint protection. Topher has written technical content for several companies, covering topics from security trends and best practices, to analysis of malware and vulnerabilities. In addition to being published in Infosec Island, Topher has contributed to articles by several leading publications.

topher-tebow has 5 posts and counting.See all posts by topher-tebow