The ongoing pandemic is resulting in a crisis for schools, colleges, and universities the world over. With physical buildings closed, most educational institutes are moving to emergency remote learning and working.
For most of them, the transition from physical to online models has happened too quickly. Without proper time to vet potential risks, their networks are exposed thanks to the deployment of new technologies and apps. Furthermore, risks can also run high because students and educators aren’t always properly trained to use the new tech.
Further complicating matters, many educational institutes simply don’t have the budgets to overhaul their technology solutions in the face of such an unprecedented and unanticipated pandemic. As a result, some institutes are lured by free tools and apps for online learning, most of which come laden with inadequate privacy controls, user tracking, inappropriate promotional content, and sometimes malware – all of which elevates the risk of not complying with regulatory mandates like FERPA and others.
With remote learning becoming the new normal, cybercriminals are busy finding new ways to leverage techniques like phishing, ransomware, social engineering, and more to pull off attacks. Here’s a look at some of the most critical risks to be addressed in order to safeguard users and data.
1. Secure remote access
With distance learning taking over physical schooling, students and teachers need access to online learning tools mostly located in the cloud – file sharing applications, email, apps – and they sometimes need to remotely access resources on the school network. At the same time, administrative and IT staff working from home may need access to systems and documents located on the school network as well. If remote access isn’t secure, hackers can sneak in and take control of the entire network. Deploy a virtual private network (VPN) that offers secure remote access to your users and protects all data that flows in and out of the VPN by encrypting it.
Students and school staff may bring their own devices and connect them to the school network, some of which may be unpatched and running risky applications, giving easy access to attackers. To counter this, ensure only whitelisted apps run on the network and that only authorized devices can accessing the network. With complete application visibility and control, you can identify all the applications on your network – including shadow IT and data at risk. This allows you to control the apps and apply user-based application controls and traffic shaping. By synchronizing your firewall and endpoint security, you can instantly identify compromised endpoints, isolate them until they are cleaned, and prevent infections from spreading laterally to other devices on the network.
2. Control access to sensitive data
Educational institutes are treasure troves of valuable information that can be sold on the dark web. Personal data of students, teachers, alumni, and administrative staff, along with sensitive data relating to a school’s research and intellectual property can make a hacker very rich by selling it or ransoming it. It’s critical to enforce access based on user identity, allowing authorized users access to only what they need in order to do their jobs. You can protect sensitive data, research, and other critical resources by allowing access to only those who are authorized, with two-factor authentication (2FA) support for access to key system areas, including IPsec and SSL VPN, user portals, and web administration consoles.
3. Protect against malware
The shift to remote learning means many of the devices connecting to the school network are BYOD. It’s difficult to know whether the devices and applications used are updated with patches and if the antivirus is current. Unless such remote devices are connecting via a VPN, you’ll need to ensure they’re secure before they can access resources on the school’s network.
It’s important to deploy advanced web protection capabilities that can identify and block the latest web threats. This allows you to enforce web filtering rules to keep students safe from instances of cyberbullying, inappropriate content, abuse, and other online threats. And with staff working from home, peripheral controls allow you to control what your staff can and can’t plug into their corporate devices. This helps you safeguard your network against unexpected threats.
4. Protect against phishing
Social engineering and phishing attacks pose major IT security risks to schools. Students, teachers, or staff members who get manipulated to click on malicious links can provide cybercriminals access to the school’s network and precious resources. The best way to counter social engineering and phishing attacks is through user awareness and training. Educating and testing your users with simulated attacks helps you facilitate a positive security awareness culture and makes them less likely to fall for scams. Make sure your email security is up to date as well, and that you have advanced protection for all your endpoints so you can protect them against both known and unknown malware, ransomware, exploits, and viruses.
5. Secure mobile computing
Mobile devices like phones, tablets, and others are increasingly used today for remote learning. A single unprotected device increases the risk of compromising the entire school network and systems, especially at a time when schools have lowered the barriers to access their networks, specifically for students. With most devices connected to the internet, the attack surface is significantly amplified for schools. An effective mobile device security solution can help keep your students and staff safe on the internet, preventing risky file downloads and blocking access to inappropriate websites. Mobile antivirus and ransomware protection capabilities can safeguard your users and devices from malicious content and apps.
Sophos can help
Sophos’ unique IT security capabilities offer award-winning protection for schools of all sizes. You can ensure that learning doesn’t stop in times when students aren’t able to access teachers and educational resources in person. Read our whitepaper on Secure remote learning in education to find out more. You can also visit our education protection page to find solutions that help secure educational institutes.