Class is in session in classrooms and students’ homes all across the nation—here’s how to ensure that online learning security is a priority

Over the coming weeks, students, teachers and caregivers alike have adjusted to the modern-day classroom – many of which consist of a full or hybrid online learning model. This virtual shift brought on by COVID-19 comes with many unique challenges, and one of the most concerning is ensuring optimal online learning security across new and emerging technologies.

School districts across the country have rolled out new technologies to accommodate virtual learning options, ranging from video conferencing tools to educational mobile applications. But, more often than not, deploying these solutions is based first and foremost on convenience and accessibility, with online learning security falling by the wayside.

Related content: Why security experts are concerned about online learning

Making matters worse, today’s sophisticated cybercriminals are well aware of the opportunity presented by online learning, targeting their attacks accordingly. In fact, recently, the Humble Independent School District in Texas suffered a cyber attack during the first day of online learning, disrupting the district’s servers and causing students and teachers to resort to offline measures. Given today’s complex, evolving threat landscape, this may not be the only instance we hear of malicious actors taking advantage of vulnerable online learning systems and software.

Over the coming weeks, students, teachers and caregivers alike have adjusted to the modern-day classroom – many of which consist of a full or hybrid online learning model. This virtual shift brought on by COVID-19 comes with many unique challenges, and one of the most concerning is ensuring optimal online learning security across new and emerging technologies.

School districts across the country have rolled out new technologies to accommodate virtual learning options, ranging from video conferencing tools to educational mobile applications. But, more often than not, deploying these solutions is based first and foremost on convenience and accessibility, with online learning security falling by the wayside.

Related content: Why security experts are concerned about online learning

Making matters worse, today’s sophisticated cybercriminals are well aware of the opportunity presented by online learning, targeting their attacks accordingly. In fact, recently, the Humble Independent School District in Texas suffered a cyber attack during the first day of online learning, disrupting the district’s servers and causing students and teachers to resort to offline measures. Given today’s complex, evolving threat landscape, this may not be the only instance we hear of malicious actors taking advantage of vulnerable online learning systems and software.

With current and future educational systems in flux, with long-term repercussions expected, students, educators, and IT teams should follow these steps to bolster online learning security.

Implement simple steps first

Before diving into the curriculum, ensure that online learning security basics are covered on various devices, including all software and applications. To begin, consider using a Virtual Private Network (VPN), which can enhance the security of a device being used for online learning. The main benefit of using a VPN is that it can turn any system into an anonymous machine that’s harder to track online while encrypting the data that flows in and out. As a result, users can rest assured data is secured as they share it back and forth between students, educators and additional staff – regardless of where they’re stationed.

A recent survey revealed that as a result of COVID-19, 44 percent of consumers have been forced to use new video conferencing tools (e.g. Zoom, Microsoft Teams) and 19 percent have been using new online learning (e.g. Google Classroom) apps. Before downloading such software, take a moment to read through the end-user license agreement (EULA). How will the software vendor be collecting, using, and storing data inputted into the application? Is it made clear? If not, then there’s a strong case to push back on the school district, explaining why it’d be unsafe for all to use such software.

Additionally, it’s important to stay current with all software updates. It can be easy to skip software updates because they can take a few minutes of time, but ignoring them creates an open door for cybercriminals to access information due to existing security gaps. However, don’t be fooled into updating software applications from counterfeit websites. When in doubt, open up the applications themselves and follow the instructions directly within.

Increase vendor vigilance

With students and educators using more electronic communication tools this school year than ever before, cybercriminals have an expanded attack surface on which to capitalize. For this reason, it’s critical for school districts and their corresponding IT teams to conduct proper due diligence when it comes to vetting the new software vendors they’re working with and new platforms they’re adopting this year.

Key components to take into consideration and questions to ask include:
● Audit vendor certifications: Is the vendor certified with industry-standards like ISO-27001, SOC 2 or SOC 3? These third-party certifications are highly regarded in the technology industry, and a quick online search for the vendor’s certification history should yield the results needed for an initial inspection.
● Evaluate application security testing: An important question to ask is, does the vendor perform regular application security testing (AST) like penetration testing or static code analysis (SAST) as part of their product’s release criteria? Will they share that report and the findings with the school district’s IT team, to then disseminate onto educators and caretakers, so everyone is aware of any potential security gaps in real-time?
● Consider the security incident policies: Lastly, it’s important to plan for the worst – a security incident. In today’s digitally-connected world, it’s only a matter of time until every organization falls victim to an attack. So, if something does happen, what are the steps that will be taken? What is the vendor’s security incident policy? When and how will schools be notified if a breach happens? What is their mitigation strategy? These, and many others, are all questions that need to be answered before an incident actually occurs.
source: Read More, eSchool News

Leave a Reply