Over the past few months, educational institutions around the world have been forced to embrace distance learning.
Malicious actors and cybercriminals are fully aware that for many organizations, these are uncharted waters. The movement to distance learning has created additional risk for institutions and created potential opportunities for the adversary, who are more motivated than ever to steal financial information, intellectual property, or simply be disruptive.
There are several simple steps every educational institution needs to consider implementing if they desire to set up and maintain an effective distance learning environment while keeping their cyber adversaries at bay. Here are some of them, presented by cyber-security company Fortinet.
Provide strong authentication With advancements in hardware processing power, cracking passwords can be done in a matter of seconds. Which is part of the reason there is a ton of stolen credentials for sale on the dark web, with more being added every day. It is essential, therefore, to enforce strong password policies (i.e., complexity, length and expiration), enforce account lockout after failed attempts to prevent password guessing, and leverage multi-factor authentication where possible to prevent the misuse of stolen passwords.
Protect Web applications Next to stealing credentials, exploiting vulnerabilities in applications is the easiest way for an attacker to breach your network. You must scan external sites for security flaws such as cross-site scripting errors and SQL injections. It’s equally important to encrypt the traffic between your learning systems and your users, whether faculty, students, or administrators, so information can’t be stolen in transit. In addition, deploying a Web application firewall (WAF) can protect Web application servers and the infrastructure from attacks and breaches originating from the Internet and external networks.
Manage third-party risk The third-party technologies that you use in your online learning environments can pose additional vulnerabilities and risk to your enterprise network. Whether it’s your learning management system or teleconferencing tools, regardless of whether they are hosted in the cloud or on-premise, you need to ensure you perform a thorough security assessment of the vendor and their products before introducing them into your network environment.
Monitor for malicious or unusual activities Organizations new to implementing distant learning will see a significant increase in devices and external network traffic connecting to their networks. The security staff needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.
As we engage in distance learning, we need to ensure that we practice cyber distancing to protect ourselves from the adversary. Taking control by following these standard security practices is one of the best ways to effectively move us securely into this new distance learning norm.