Apr 15 2020

4 Cyberhygiene Practices for Secure Remote Learning

District leaders have a lot to think about when it comes to implementing and navigating remote learning during school closures. But they must not forget about how crucial it is to have cybersecurity measures in place before rolling out their e-learning plans.

Schools are already increasingly vulnerable to cyberattacks. Since 2016, there have been more than 800 cybersecurity-related incidents affecting U.S. K–12 public schools and districts, according to the K–12 Cyber Incident Map.

Those threats are even more apparent when students, educators and other school staff have to learn and work from home — especially in times of crisis.

Earlier this month, the FBI released a public service announcement noting they anticipated that “cyber actors will exploit increased use of virtual environments” as a result of COVID-19.

The FBI advised academic institutions using digital tools for remote learning and teaching to consider the risks associated with them. They also indicated that schools should closely monitor students’ online activity as the “rapid incorporation of education technology (edtech) and online learning could have privacy and safety implications.”

“With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased,” Doug Levin, founder and president of the K–12 Cybersecurity Resource Center, tells Education Week. “In many cases, all it takes is for one person to make a mistake in a school community for a school district network to get infected, or a data breach to happen.”

The Cybersecurity Risks That Come with Remote Learning

Cybercriminals are likely to take advantage of situations where people are scared and desperate for information, Levin tells Education Week.

People may let their guard down and are more likely to click on fraudulent information — anything from a phishing email to downloadable attachments. More than 90 percent of cyberattacks start with phishing e-mails, according to a Consortium of School Networking (CoSN) report on the top five cybersecurity threats for schools.

The FBI also listed other ways bad actors exploit remote learning tools, including: leveraging untrusted software that users download to access sensitive information; targeting communication tools such as videoconferencing equipment and Voice over IP phones to insert inappropriate images or eavesdrop on conference calls; and compromising remote desktop applications.

WATCH: Learn about the state of ransomware and how schools can best protect themselves against it. 

Remember These Cyberhygiene Tips for Remote Learning

Here are four ways schools can mitigate cybersecurity risks as they shift learning and teaching online:

  1. Have clear guidelines in place. There are a plethora of e-learning tools out there that may entice educators who are looking to make their remote learning lessons more engaging and effective. But they need to make sure that any learning resource they use has been vetted to account for data security and privacy issues. Joe Phillips, technology director for Kansas City (Mo.) Public Schools, says any resource a teacher in his district wants to use has to come through his office first. KCPS has also created an approved list of remote learning resources so educators don’t have to search for them online, as well as digital citizenship guidelines for students and parents.
  2. Educate students, teachers and other school staff. It’s also important for K–12 leaders to regularly educate users on basic online safety. When Clinton Public School District in Mississippi sent fake phishing emails to district teachers as an experiment, 474 out of 572 emails sent out were opened, and 272 people clicked a survey link in the email. Technology Director Kim Griffin realized that teachers were not able to recognize red flags of a potential phishing attack. Districts should reiterate best practices such as checking domain names and immediately deleting emails with suspicious links or attachments.
  3. Update password protocols. Ensuring password security is also critical. Schools don’t have to require faculty and staff to periodically change their passwords unless they’ve been compromised, but they should adopt multifactor authentication techniques to reduce risks and mitigate the impact of password theft. They should also screen passwords to make sure they have not been linked to a previous breach or cyberattack, according to the National Institute of Standards and Technology.
  4. Identify potential gaps. Remote learning brings unique security challenges to school districts. For example, students and educators may be using their personal devices from home rather than ones owned and encrypted by the district. There’s also the possibility that users are working on an unsecured network or forgetting to keep their devices and software updated. Plus, as more schools turn to cloud computing to communicate and collaborate beyond school walls, IT staff need to consider how they’re securing data shared over the cloud. To get a better sense of potential vulnerabilities, districts should also consider having a third-party security risk assessment. School leaders must also keep privacy compliance top of mind as they increasingly rely on digital platforms to share information with each other.

Good cyberhygiene practices should be baked into remote learning plans. Without them, districts will be more susceptible to security and privacy threats that can disrupt learning and teaching.

succodesign/Getty Images