Remote Learning: Help Your K-12 and Higher-Ed Clients Get Back to School Safely
Remote learning leaves your education clients vulnerable to security risks. Here’s how to keep them (and their students) safe.
September 25, 2020
Sponsored by Barracuda MSP
Educators have been faced with a very unusual return to school this year. At every level, from colleges and universities to preschools, the education system is struggling to provide services to students during the pandemic. Some organizations and districts are operating fully remotely this fall; others are offering a mix of in-person and online classes.
Because most of these schools weren’t equipped for distance learning, they’re using a mix of Google Classroom, Zoom meetings and other services that have been cobbled together–in some cases with very little preparation, and in most cases being used by novice users. This has left schools and students vulnerable to cybercriminals.
Over the summer, the FBI issued a Private Industry Notification warning that cybercriminals would increasingly target K-12 schools as they shift to remote learning.
EdTech security risks are similar to those faced by other types of organizations, such as ransomware, data security and account takeovers. There are also risks associated with applications that students and teachers use for remote learning but aren’t necessarily part of the school’s official IT infrastructure.
For MSPs with clients in the education sector, here are few tips to help those clients get back to school safely and securely.
Conduct a security audit. Work with clients to identify gaps in their security infrastructure and find ways to ensure they have the right tools in place to keep their remote learners safe.
Encourage clients to create an approved list of applications and enforce that list. Teachers and professors frequently have to come up with resources and solutions on their own, but they can’t be left to improvise when it comes to remote learning technology. Help your clients explain the importance of using approved tools and create policies to make sure staff follow the rules.
Use remote monitoring tools to help clients keep a handle on their G-suite and other EdTech tools. Cloud-based solutions require users to take on more security responsibilities, but many users have no idea who is responsible for securing data in the cloud. A cloud security platform and monitoring capabilities are critical in this environment.
Cloud-based solutions may represent the most significant threat right now because many schools have abruptly shifted from a server-based environment to the cloud without changing and strengthening their security posture. The most visible result of this may be Zoombombing, where hackers hijack a teleconferencing session and insert materials that are lewd, obscene or racist, and typically result in shutting down the session. Schools must ensure that not only are staff following proper security protocols, but that students’ safety and privacy is protected while using cloud apps.
Teachers need education, too. While many corporations engage in regular cybersecurity training, schools haven’t necessarily done so. Make sure staff can spot phishing and other types of cyberattacks. According to EdTech, the Clinton Public School District in Mississippi sent fake phishing emails to test security practices among teachers and discovered that not only were most of the emails opened, more than half of the recipients clicked a suspicious survey link.
Institute safe password protocols. Encourage education clients to follow NIST (National Institute of Standards and Technology) 800-63B digital identity guidelines to ensure they’re using unique, strong, long and less frequently changed passwords. Using a dedicated password manager solution is also highly recommended to help clients generate secure random passwords that easily can be managed for all their computers, phones and tablets.
Protect sensitive data. Schools store a lot of valuable data, including financial information, Social Security numbers, and access to information on hundreds or thousands of students. Make sure the data–whether it’s in transit or at rest–is appropriately encrypted (i.e., meets the FIPS 140-3 standard). Additionally, users should have access only to the necessary information to do their jobs. That way, if there’s a breach, the damage can be minimized.
With remote learning, the threat vector is greatly expanded for schools. Students will use a mix of school-issued and personal devices to access applications and the network. Emphasize the importance of having security protocols in place that can protect users regardless of how they’re connecting. That means following the guidelines mentioned above for passwords and multifactor authentication, and securing and encrypting the data being accessed, no matter how–and where–users connect.
It’s unclear how long remote learning will be required for K-12 and higher ed, but MSPs can play a vital role in keeping their education clients safe and ensuring the success of remote learning programs. MSPs should help schools find the right remote learning and security technologies and educate clients about proper security practices so that everyone can get high marks when it comes to a secure online education.
Nathan Bradbury is Manager of Systems Engineering for Barracuda MSP, a provider of security and data protection solutions for managed services providers.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like