Security

4 Tips for Securing Remote Workers in Higher Education

With many university employees working from home, risk-based practices will help avoid security incidents.

Amy McIntosh is the managing editor of EdTech: Focus on Higher Education.

The COVID-19 pandemic changed the ways colleges and universities operate. Instructors pivoted to virtual environments and university staff were sent home to work. While this work-from-home model was not previously the norm in higher ed, today, flexible schedules are becoming more common. But as more employees work from home, more potential security risks are at play.

In a recent webinar with Dark Web, Jason Clark, an independent security researcher, presented strategies for monitoring and securing remote work environments. Here are his recommendations.

DISCOVER: Colleges secure the IoT with proactive solutions and strategies.

1. Develop Policies and Practices Specific to Remote Workers

If you don’t already have a remote work policy in place, think about creating one, either as a stand-alone policy or a supplement to the existing IT security policy. This should include information on BYOD policies and procedures. Account for every device that might have access to the larger university network, including laptops, printers and phones. Assume that home work environments are more susceptible to security threats than on-campus offices and develop policies with a risk-based framework in mind.

Make sure remote workers are using secure home Wi-Fi connections and that their anti-virus software is up to date. In a shared home office environment, employees should be mindful of those in their space and keep devices and their data away from others.

Encourage employees to disconnect from VPNs when not in use and remind them to use strong passwords and change them often. Offering regular security trainings can help remote workers be mindful of best practices, but it’s important that employees complete the trainings and take them seriously.

Click the banner below for exclusive content about security in higher ed.

2. Implement Authentication Best Practices to Reduce Security Issues

Privileged access management can help reduce common IT security issues that can arise with authentication. PAM can confirm the identity of the remote user regardless of the device being used. PAM also allows the IT department to fine-tune privileges by enforcing the concept of least privilege to help mitigate security threats. PAM gives IT administrators full control over privileges, allowing them to grant access by location or set time limits for access.

Consider implementing a single sign-on solution, which allows centralized authentication and grants access to must only memorize one strong password to get secure access to applications, which is easier for them and reduces calls to the IT department. Implement multifactor authentication wherever possible for an added layer of defense.

EXPLORE: How to avoid security breaches within the IT department.

3. Use Zero-Trust Network Access for Secure Remote Connections

VPNs allow employees to remotely connect to the central network, but some traditional VPNs have security flaws, including open and continually listening ports, hardware that can be easily hacked, and a reliance on usernames and passwords that can be easily compromised.

Zero-trust network access provides secure remote access to applications and services based on defined access control policies. Users are authenticated and given access to only the applications they need through an encrypted channel. Zero-trust network access provides some visibilities that VPNs may lack and helps to reduce the attack surface.

LEARN MORE: Understanding the zero-trust model can help prevent ransomware attacks.

4. Employ User Entity Behavioral Analytics

User entity behavior analysis establishes models to show IT administrators what typical activity looks like on a network and makes it easy to spot when a user or set of users deviates from this norm. This can help identify compromised accounts, users purposely trying to escalate their privileges or signs of insider threats.

Insider threats are on the rise with remote workers, as distracted and stressed work-from-home employees are vulnerable targets. Cybercriminals attempt to use workers to commit cybercrimes against their own organizations. User entity behavioral analytics can alert IT administrators of suspicious activities, such as user activity from an abnormal location, accessing networks at odd hours, or a remote employee accessing rarely used systems or programs. Unusual user activity can raise red flags for IT administrators and prompt them to look more closely.

Now more than ever, universities should be instituting risk-based policies and practices given the prevalence of remote workers. By employing these best practices, IT teams can help their remote staff avoid security incidents.

Deagreez/Getty Images