The Cybersecurity Risks That Come with Remote Learning
Cybercriminals are likely to take advantage of situations where people are scared and desperate for information, Levin tells Education Week.
People may let their guard down and are more likely to click on fraudulent information — anything from a phishing email to downloadable attachments. More than 90 percent of cyberattacks start with phishing e-mails, according to a Consortium of School Networking (CoSN) report on the top five cybersecurity threats for schools.
The FBI also listed other ways bad actors exploit remote learning tools, including: leveraging untrusted software that users download to access sensitive information; targeting communication tools such as videoconferencing equipment and Voice over IP phones to insert inappropriate images or eavesdrop on conference calls; and compromising remote desktop applications.
WATCH: Learn about the state of ransomware and how schools can best protect themselves against it.
Remember These Cyberhygiene Tips for Remote Learning
Here are four ways schools can mitigate cybersecurity risks as they shift learning and teaching online:
- Have clear guidelines in place. There are a plethora of e-learning tools out there that may entice educators who are looking to make their remote learning lessons more engaging and effective. But they need to make sure that any learning resource they use has been vetted to account for data security and privacy issues. Joe Phillips, technology director for Kansas City (Mo.) Public Schools, says any resource a teacher in his district wants to use has to come through his office first. KCPS has also created an approved list of remote learning resources so educators don’t have to search for them online, as well as digital citizenship guidelines for students and parents.
- Educate students, teachers and other school staff. It’s also important for K–12 leaders to regularly educate users on basic online safety. When Clinton Public School District in Mississippi sent fake phishing emails to district teachers as an experiment, 474 out of 572 emails sent out were opened, and 272 people clicked a survey link in the email. Technology Director Kim Griffin realized that teachers were not able to recognize red flags of a potential phishing attack. Districts should reiterate best practices such as checking domain names and immediately deleting emails with suspicious links or attachments.
- Update password protocols. Ensuring password security is also critical. Schools don’t have to require faculty and staff to periodically change their passwords unless they’ve been compromised, but they should adopt multifactor authentication techniques to reduce risks and mitigate the impact of password theft. They should also screen passwords to make sure they have not been linked to a previous breach or cyberattack, according to the National Institute of Standards and Technology.
- Identify potential gaps. Remote learning brings unique security challenges to school districts. For example, students and educators may be using their personal devices from home rather than ones owned and encrypted by the district. There’s also the possibility that users are working on an unsecured network or forgetting to keep their devices and software updated. Plus, as more schools turn to cloud computing to communicate and collaborate beyond school walls, IT staff need to consider how they’re securing data shared over the cloud. To get a better sense of potential vulnerabilities, districts should also consider having a third-party security risk assessment. School leaders must also keep privacy compliance top of mind as they increasingly rely on digital platforms to share information with each other.
Good cyberhygiene practices should be baked into remote learning plans. Without them, districts will be more susceptible to security and privacy threats that can disrupt learning and teaching.