Higher education institutions have encountered an unprecedented crisis in the face of the COVID-19 pandemic – enabling secure, reliable remote learning pathways. Mandatory campus lockdowns have forced students, professors and administrative faculty to transition to digital workspaces. While online platforms like Blackboard and Coursera are helping bridge the gap, the rapid shift to eLearning environments has revealed a variety of infrastructural- and security-related weaknesses within the education industry.
One study by the nonprofit technology company EDUCAUSE found that developing an information security strategy is the biggest challenge academic institutions will face in 2020. Without strong, risk-based cybersecurity processes, IT administrators may struggle to detect, prevent and respond to malicious activity. The need for robust cybersecurity is twofold: Remote learning and bring-your-own-device culture. To understand how these trends are directly impacting campuses across the U.S., let’s take a closer look at the details.
Remote learning: Risks and vulnerabilities
Remote learning has enabled college campuses to continue teaching students despite the global pandemic, but this practice comes with a few inherent risks. Educational technologies (EdTech) are prone to the same sorts of cybersecurity threats as business applications, including ransomware, account takeovers, data theft and more. Campuses that were caught off guard by the health crisis have had to quickly deploy new IT solutions to facilitate distance learning. However, many IT administrators didn’t have time to vet these solutions or prepare students to use new platforms effectively.
“If they didn’t already have a set of tools they were using, in many cases they needed to find, or just essentially deputized their teachers to find, whatever they can… to deploy,” said Doug Levin, president of EdTech Strategies, in an interview with EducationDive.
This lack of coordination has created new challenges for campus network security and remote access management, especially when users rely on their personal devices (more on this later). As a growing number of students make use of digital learning pathways, the amount of sensitive information transmitted over campus networks is only increasing. One reason academia is such a lucrative target for hackers is student data – financial records, transcripts, health data, etc. – which can be used to commit identity theft and fraud. Traditional, on-campus facilities often have robust security controls and protections that can safeguard against these types of threats. However, when users access this information from remote, at-home networks, there’s often a greatest risk of hacking and exploitation.
Bring your own device (BYOD) is a set of policies that encourage students to use their personal devices to access educational platforms and data from anywhere. As noted by IBM, BYOD can be either relaxed or restrictive depending on an organization’s specific needs and security requirements. In some cases, giving users unlimited access to all educational resources may be necessary, but most IT experts recommend granting access only to non-sensitive systems and data. Regardless of the institutional protections, end users are fully responsible for ensuring their firewalls, antivirus software and operating systems are kept up to date.
While using personal devices to access campus networks has been the norm for over a decade, the COVID-19 pandemic has made it a universal necessity. Alongside the risks posed by unsecured devices – desktops, laptops, smartphones, tablets, etc. – IT administrators must also consider how home routers can be leveraged to commit cybercrimes. According to research from Symantec, 75% of cyberattacks levied against their “honeypots” – virtual machines that mimic the behavior of real devices – came from infected routers. This trend reveals that hackers are getting more creative about their operations, and are taking steps to bypass traditional security protections on personal devices.
Improving cybersecurity in the higher education industry
Although remote learning and BYOD culture have introduced new challenges for network management and security, there are some simple steps campuses can take to protect against hacking and data theft. The Association for Supervision and Curriculum Development offered the following recommendations and cybersecurity guidelines for safeguarding remote learning environments:
- When using a video conferencing system (like Zoom or Google Hangouts), universities should avoid platforms that require students to create a unique account.
- Campuses should remind students, teachers and staff that no member of their in-house IT staff will ever ask for login credentials or for students to click on specific email links.
- Integrating two-factor authentication should be a top priority for any remote learning pathway.
Alongside these policy-based recommendations, IT administrators should also look for ways to enhance their visibility and control over remote devices. Faronics’ Deploy application empowers colleges to ward off cybersecurity threats by keeping all devices, applications and operating systems up to date. With one-click implementation, IT administrators can optimize key application and device management tasks for individual endpoints and user groups. This level of oversight can help ensure that all users are running the latest versions of Windows OS, Mac and popular applications like Adobe, Microsoft Office and more. Paired with advanced patch scanning and agent deployment, IT professionals can eliminate zero-day threats, monitor for new vulnerabilities and create automated patching schedules.