As colleges and universities approach the fall semester, COVID-19 has complicated cybersecurity measures

COVID-19 ushers in a new era of cybersecurity

As colleges and universities approach the fall semester, COVID-19 has complicated cybersecurity measures

Academic institutions are aware that remote learning is likely here to stay for the foreseeable future, with campuses across the U.S. deciding to keep students home through the summer and even the fall semesters. With that expectation on the horizon, schools need to start making important decisions now about how to reinforce their IT security for the months ahead — especially when you consider the impact education has on communities, from job security for faculty and staff, to talent development for the next generation of innovators.

Beyond the crisis, academic institutions must also consider how COVID-19 has forever changed the classroom environment. Once schools have made the necessary investments to bolster their IT and security infrastructure to support off-campus learning, is a 100 percent return to campus even viable?

Here are a few key strategies to help higher-ed institutions understand their critical cybersecurity infrastructure and protect remote learners and teachers from today’s greatest cyber threats, both now and going forward.

Remote learning’s biggest threats

As students and teachers across the U.S. wrap up the school year from home, academic institutions need to think critically about their biggest cybersecurity challenges, especially as summer classes approach and conversations about continuing remote learning into next fall ensue.

Emails, PDFs and Office documents, for example, are the most common threat vectors used by cybercriminals — and students can fall victim to social engineering, phishing attacks, ransomware, and email fraud without the right protections in place. Similarly, as students receive instruction and emails from their schools and professors (and even the online learning platforms they use to complete assignments), they are not necessarily on high-alert to keep an eye out for phishing scams. Data breaches are another serious risk, as students and professors increasingly use personal devices on remote networks.

At this time, it’s critical for academic institutions to understand the implications of a weak cybersecurity infrastructure and take critical steps to protect at-home users and endpoint devices. They must take it upon themselves to enhance cyber awareness throughout their organization and practice good cyber hygiene. This is not only important for protecting students’ sensitive data, but also for ensuring business continuity — particularly for higher education institutions where ongoing faculty communications, adviser roles, and critical research must continue in between semesters.

Consider the cloud

Ironically, the sudden jump to remote learning coincides with the ongoing cloud business transformation. For higher-ed institutions — especially those with tighter IT budgets — the benefits of moving to the cloud are extensive, including cost savings, ubiquitous security coverage on and off campus, greater agility, maximum uptime, and easy deployment.

This is especially critical for the storing and sharing of critical information developed by university researchers for business and government use. While universities must open up lab data and resources for students and faculty to continue their important research at home, it’s difficult to ensure that this information — previously reinforced by physical buildings and on-prem solutions —doesn’t fall into the hands of threat actors or nation states.

With that, protecting students and faculty is central to defending these core resources. Academic institutions should consider deploying cloud-based security services to protect their entire organization from advanced email threats (regardless of location) and secure sensitive student and employee data by enforcing multifactor authentication, strong encryption, data protection and compliance policies.

Additionally, as schools plan to keep their doors closed for the summer and potentially fall semesters, they are naturally thinking about moving additional resources to the cloud. Given that students and faculty are prone to using Google and other file-sharing services that are typically not covered by network security infrastructure, academic institutions should consider deploying Cloud Access Security Brokers (CASBs) as an added layer of protection for sensitive information stored in and shared via the cloud.

Ensure strong endpoints

Finally, academic institutions should consider deploying endpoint protection capabilities to secure devices that connect and interact with school applications and data. Endpoint protection platforms are critical for protecting endpoint devices against malware and enabling continuous behavioral monitoring.

Because remote learning has required academic institutions to leverage productivity and collaboration applications like Slack and Zoom, school IT departments need real-time visibility of these applications and any vulnerabilities found on them in order to halt potential threats. This will enable school IT administrators to prioritize what applications to patch, and even enable blacklisting of processes that are launched by unauthorized applications -— e.g., if students or professors seek tools or platforms that are not managed by the school. Visibility and control of applications is crucial, because threat actors will always be looking for vulnerable versions of applications running on user endpoints.

These are just a few strategies academic institutions and online learning platforms should consider as they look ahead to the next phases of the COVID-19 response and, potentially, continued remote learning. Reinforcing the cybersecurity infrastructure needs to be the number-one priority if these institutions want to maintain the trust and security of students and faculty long after the crisis is eradicated.

eSchool Media Contributors
Latest posts by eSchool Media Contributors (see all)