Networks around the world have had to rapidly scale in order to accommodate a remote workforce. This has put tremendous pressure on IT managers and administrators. Some common challenges faced by organizations currently operating during the COVID-19 pandemic include:
- Lack of bandwidth
- Lack of remote access solutions
- Inadequate firewalls or VPN solutions
This challenge is no exception for IT administrators in the education sector, whether it’s K-12, higher education, or private institutions. IT administrators have focused primarily on technologies that make online teaching, collaboration, and video conferencing easier for remote learning. But behind the scenes IT teams are working hard to vet and implement security solutions too.
IT managers are also tasked with upholding data security by protecting student data and adhering to other privacy concerns. They play a major role in providing secure remote learning. Below is a checklist for IT administrators in the education field, particularly those in K-12 education.
Provide cybersecurity training for K-12 schools
Educating staff may sound like an obvious first step but it’s an important one. Human error is one of the leading causes of cybersecurity incidents, and therefore cybersecurity training is essential.
It’s important for staff, students, and parents to recognize suspicious emails and attachments. Best practices should be not just be communicated but also be tested. Many organizations are testing their level of cybersecurity preparedness by sending phishing tests to their employees and recording the response rate.
Implement a remote learning security policy
Because many staff and students are working in a remote environment, it’s important to document a remote learning security policy in place. In the typical setting, devices are protected by the school’s firewalls, but because remote devices will go unmanaged in the remote working environment, it’s important for IT administrators to administer such policies.
This remote learning security policy should start by listing all the approved cloud applications and any apps that staff and students should avoid downloading and installing. While it may be tougher to enforce because of unmanaged devices, it nevertheless is useful in helping staff and students in protecting their devices and any sensitive data that may be exposed. (A great example of a remote access policy can be found in this template).
Make two-factor or multi-factor authentication mandatory
Authorization is key for the remote learning environment. Because the majority of the staff and students are utilizing unrecognized devices and are logging in from these devices, an added layer of security should be implemented.
This is where 2FA or MFA can help by requiring staff and students to provide another form of authentication, besides a password, to prove they have authorized access. This extra form of authentication typically requires entering a code sent via SMS to authenticate the user.
2FA and MFA are necessary in those cases where staff and students need to access corporate accounts administrated by the school. This second layer of access control reduces the chance of an account being compromised.
Monitor suspicious activity on remote devices
Because staff and students will be logging into their accounts from outside the school network, IT administrators must monitor accounts for suspicious activity. Worst-case scenario, staff and student accounts can be overtaken by hackers and be used to spread phishing campaigns, spam, and other forms of cyberattacks.
It’s important for IT teams to be on top of suspicious activity which may include multiple login attempts or logins from locations that have not been approved by the school. Repeated authentication fails are also a sign that a staff member or student account may be compromised.
Restrict account permissions
Collaboration tools are able to facilitate file sharing between staff and students and even between administrators. However, at the school level, they must be controlled by IT administrators.
This can be done with remote access controls. It’s important to only delegate privileges to only those who need it. For example, it makes sense for only a handful of staff to be able to connect students across collaborative documents. Having these granular controls allows for minimized risk on unauthorized access or account takeover.
Remote learning is no different than remote working whereas cybersecurity should be taken seriously. For many educational institutions, this is the first time that they are implementing remote access policies in a remote learning environment for their staff and students.
IT administrators must take this into consideration to streamline the process and make it easier for remote learning to run smoothly with the possibility of cyberattacks disrupting the process.
Cloudbric is currently offering all education institutions, including K-12 education, a free remote access solution that creates an encrypted connection between staff and students and the school network. Learn more here: cloudbric.com/remote-access.