Preparing for Cybersecurity Issues in E-Learning Systems
Distributed e-learning systems also pose a potential problem for postsecondary schools, especially as the number of students and staff using these systems fluctuate over time. If colleges and universities suddenly find themselves pivoting back to online learning because COVID cases are surging, it helps to have an infrastructure that can keep up with rapid transitions.
“Consider the ‘availability’ principle of security,” Silk says. “Making sure that all students will have the devices and bandwidth they need to connect to our systems is the first hurdle.”
She also notes that many schools have been shipping laptops and mobile Wi-Fi hotspots to students in need of connectivity support. While this can reduce economic disparity and improve technology access, it introduces potential hijacking risks. This poses significant security risks, especially, for systems that are managed by very few staff.
MORE ON EDTECH: Learn more about how to solve evolving security challenges for remote campuses.
The key, in this case, is access management. “Once everyone can get online, restricted access to verified users via two-factor authentication will minimize the risk of gate-crashing,” she says.
It is also critical to implement permissions-based access management tools that can identify users by their location and behavior. Because many students access e-learning systems from multiple locations — such as home, work and campus — universities need solutions that can assess both current and historic access requests, deny or approve logins, automate incident reports and terminate connections.
Tips on Securing LMS for Online Learning
Many colleges and universities already have reasonably robust learning management systems, thanks to increased student demand for more flexible learning experiences.
“The security and privacy of the core LMS used in the organization is probably in good shape already,” Silk says.
The challenge, however, lies with securing the Learning Tools Interoperability add-ons.
“Secure the myriad assortment of LTI add-ons that faculty and teaching fellows can likely connect via a click-through agreement,” Silk says. “The risk of data leakage or breach through that attached module can be greatly reduced if you have a ready method — and practice — to pass an opaque identifier and no identifiable student information to the integrated system.”
It is also worth considering vulnerability assessment tools, which can unearth potential LMS issues before colleges and universities roll out these systems at scale.
READ MORE: Does the LMS of the Future Need to Be Mobile, Social and Open-Source?
Back to Basics: Securing Social Media
As more and more faculty turn to social media to engage students during online learning, this entails some security risks. Social media can open a door for viruses and malware to infect educational infrastructure. The good news is, basic security measures can significantly reduce most risks.
“Make sure your systems have up-to-date patches and that you’ve backed up your important data to an off-network location for restoration if needed,” Silk says.
She also speaks to the need for regular training for both staff and students. “Anyone can be tricked by a scam on a bad day,” she says. “Taking a breath, and considering if the message or request sounds reasonable from the alleged source, helps a lot.”
By creating a culture of security awareness — especially one that prioritizes safety over speed — schools can mitigate growing social media security risks.
Ways to Secure Third-Party Vendors
There are two key areas that are becoming more challenging for higher education cybersecurity teams to manage effectively: third-party services that process data for schools, and the growing number of Internet of Things and Industrial IoT devices on campus.
As schools turn to more third-party services for managing online and in-person classes, vendors can pose major security risks.
“Sussing out realistic vulnerabilities in technology and processes that could allow significant incidents is key,” Silk says. “So is having your negotiation offices ensure your contracts have the proper security and privacy clauses with the vendors–including service-level agreements for incident notification.”
And considering that many legacy systems were not designed to handle the continuous connectivity that IoT solutions require, this can create large cybersecurity gaps.
MORE ON EDTECH: See how Arizona State University built a smart campus.
“With increasing demand from students and faculty for smart classrooms and smart buildings, the rate of installation of new devices that were not designed with security in mind — because they won’t handle sensitive data but can control the environment — can introduce new attack vectors onto your network,” Silk says.
“This becomes a challenge for both sides of the equation, the device manufacturers and your own security professionals,” she adds, highlighting the need for modern infrastructure.
Solving this security challenge requires both initial network assessments and new infrastructure deployments that are capable of handling IoT connectivity at scale. Trusted third-party evaluations can provide the foundation for new frameworks. They can identify applications and services that contain potential points of compromise, paving the way for cloud-based technologies that can handle the volume and variety of device connections.
On Securing Higher Ed’s Online Classrooms
For IT security teams, cybersecurity is now critical for ensuring that new online learning initiatives do not compromise existing infrastructure.
To defend the digital front lines, schools can start by identifying spending and staffing shortages. They should also prioritize common challenges such as digital trust, distributed e-learning systems, expanded LMS frameworks and social media security.
Last but not least, it is critical for colleges and universities to address potential risks surrounding third-party vendors and IoT implementation. This way, distance-learning environments can deliver the intended results.