Perhaps no single industry has struggled to adjust more to COVID-19 than education. The pandemic has greatly accelerated the broad adoption of e-learning solutions. Those school districts that invested in robust IT systems have been validated and are continuing to build out their resources. Meanwhile, those districts that did not already have e-learning technologies in place now recognize its necessity and are scrambling to play catch-up as they work to expand capabilities for teachers and students and prevent against distance learning cybersecurity threats.
While the growing availability of e-learning solutions has been both a lifeline and a source of frustration for administrators, teachers, students and their families, these tools are invaluable in our current reality. As administrators struggle to ensure connectivity and accessibility of these tools for all students, too many school districts are ignoring the elephant in the room: cybersecurity.
Widespread use of technology in the classroom combined with remote learning environments for homebound students has made protecting schools from cyberattacks much more complex. In June, Microsoft Security Intelligence found that 61% of the 7.7 million malware encounters experienced by organizations over the previous month were targeting education – far more than any other sector.
With many districts caught flat-footed and under pressure to quickly adapt, they are implementing IT solutions without a coherent security strategy – a move that puts schools at serious risk.
In fact, the beginning of the school year saw several high-profile cyberattacks against educational institutions, including DDoS attacks that paralyzed the Miami-Dade County Public Schools’ e-learning platform in late August and a massive ransomware attack which forced Hartford, Conn., to postpone its first week of school.
It’s not just hardened cybercriminals looking to take advantage of these gaps in security: a high school junior launched the attack against Miami-Dade – the nation’s fourth-largest school district covering 392 schools and more than 345,000 students – using an easily downloadable piece of software.
That’s not to say that the shift to e-learning technology should be put on hold. Instead, educators need to address the following vulnerabilities to their systems to ensure students, teachers and administrators are protected from the bad intentions of cybercriminals.
Staying Safe While Remote
Learning institutions have long been a favorite target of hackers, as evidenced by the wave of ransomware attacks that impacted more than 500 U.S. schools in 2019.
With a majority of school districts moving forward on a hybrid model of virtual and in-class education this fall, remote learning provides a golden opportunity for cybercriminals and bad actors, who have been hard at work all summer finding new ways to leverage techniques like ransomware, phishing and social engineering against vulnerable IT infrastructure.
Most attacks rely on manipulating users into clicking on a malicious link that downloads malware or provides cybercriminals access to the school’s network and sensitive information. There are other cases where user behavior that is acceptable on a home device, such as browsing social media sites or connecting over insecure Wi-Fi, could, if done on a school-provided device, open up an entire school district’s network for hackers to exploit.
This makes it critical to keep email security up to date and advanced protection in place for all endpoints. Systems should always be on guard for malware, ransomware, exploits and viruses.
Enlisting Parents and Students in the Fight Against Hackers
The best way to defend against cyberattacks is through user awareness and education. Regular training and testing of users with simulated attacks are a good first step towards creating security awareness. This makes the support of parents necessary, especially for younger students. Educators need to help parents understand what behaviors create risks for their children, home networks and the institution to ensure students are safe from scams and cyber attackers.
It also means guiding parents to take responsibility for enforcing digital security at home. Parental controls and coaching safe behavior online are just one aspect. In an ideal world, every family would have a firewall in place to prevent malicious software from accessing a computer.
They should also make sure their home’s wireless network is protected with encryption and a secure password. If possible, parents should consider creating a separate network at home for kids to use. Many savvy organizations are encouraging remote employees to keep their work devices separate from home use and off-limits to other family members. Schools must look for similar approaches to minimize system exposure.
Ultimately, proactive parenting that maintains an active awareness of how remote learners are using tech-driven tools and platforms is key to keeping students and school systems safe. It may even prevent another student from making the same choices that led to the recent attack at Miami-Dade.
More Smart Devices, More Security Problems
While schools scramble to protect remote learning environments, it’s just as important to make sure that classroom devices are secure. Most of the new technologies installed in classrooms are IoT-connected devices like smart boards, smart projectors and 3D printers.
While these tech-driven solutions help to foster an enhanced environment for learning and growth, they are inherently less secure than traditional computer hardware.
This makes the majority of IoT devices much easier targets – and more desirable to hack. It’s important to recognize that each new device connected to a school’s network is a new distance learning cybersecurity threat vector that attackers can exploit. To stay safe, schools must understand the risks IoT devices pose to the networks they’re connecting to.
School districts aren’t the only ones struggling to manage the risk of IoT devices. In a recent survey of cybersecurity professionals by the Neustar International Security Council, only a quarter (27%) of respondents said they are confident that their personnel knows how to protect IoT devices and equipment against attacks.
A good first step to prioritizing IoT security is ensuring the factory-provided password on each device has been changed. Users often keep a device’s original password or even remove the requirement for a password. This means the door has been left open for attackers to exploit that device and use its connection to navigate to more sensitive parts of the school network.
Another risk comes from not updating firmware and software. Since smart devices usually require updates at different times and running those updates require the devices to be offline, software and firmware updates are not always completed. This leaves any newly discovered security vulnerabilities unaddressed, allowing cybercriminals to take advantage. School IT teams should run updates on all devices and develop a schedule to ensure each device has the latest security patches.
Safely Embracing e-Learning
As schools adopt more tech-driven learning solutions, there will be more vulnerabilities for bad actors to find and exploit. That shouldn’t stop administrators from implementing these new technologies. Instead, they should stay vigilant and focus on securing e-learning devices and maintaining good cyber hygiene practices – ensuring classrooms stay online and learning continues uninterrupted.
Rodney Joffe serves as security CTO, SVP and fellow at Neustar. He regularly lends his insights and experience to organizations like ICANN and the U.S. government, where he sat on the cybersecurity intelligence panel and served as an advisor to the Obama White House. This post premiered on our sister site, Campus Safety.