Tips on Reducing Key Remote Learning Security Risks

The digital transformation of higher education is in full throttle. Spurred by evolving pandemic pressures and bolstered by the benefits of new technology solutions, postsecondary schools are embracing various distance-, blended- and hybrid-learning formats to maximize student success in challenging environments. But are they doing it securely?

Online courses — whether it’s a combination of in-person and online instruction, or entirely remote classes — can create major cybersecurity risks. Especially when in-person classes are combined with on-demand online courses, malicious actors can seize opportunities to compromise critical systems and create operational havoc.

To defend the digital front line, colleges and universities must keep up with evolving security postures in a rapidly changing cybersecurity landscape. As higher education prepares for an unprecedented academic year, here’s a look at some common online-learning security shortfalls, the reasons why they arise, and how to address them.

Lack of IT Funding Leads to Cybersecurity Problems

According to RiskBased Security’s 2019 Year End Data Breach QuickView Report, the education sector accounted for 7.2 percent of total breaches reported. While this number pales in comparison to healthcare sector attacks (13 percent) or general business breaches (69 percent), attacks in higher education are growing significantly as cybercriminals target new online-learning models.

Furthermore, limited funding for IT departments in recent years has created major barriers that prevent colleges and universities from securing distance-learning classes today.

In 2018, EDUCAUSE found that higher educational institutions are spending only 4.4 percent of their total budgets on IT. And there was only a 0.26 central information security full-time equivalent position per 1,000 FTEs on campus. Without sufficient funding or staffing to support the move toward online learning at scale, significant security deficits arise.

As a result, colleges and universities are now facing critical cybersecurity challenges in these four areas: digital trust, online classes, learning management systems and social media.

Ensuring Digital Trust in Higher Education

Considering that higher education may never return to the old normal, taking the time to build digital trust is key.

“Trust in your organization’s ability to protect digital information is critical this academic year, since more interactions than ever before will be conducted online,” says Sandy Silk, director of security education and consulting at Harvard University.

Silk, who is also an ISACA cybersecurity speaker, brings up the example of remote socializing —a new dimension for residential campuses this year. This is an important area for cybersecurity professionals to be mindful of.

It is critical that colleges and universities ensure the data stored and shared across new remote socializing solutions are protected. “Make sure contracts for those SaaS vendors have appropriate security and privacy clauses,” Silk says. “And be clear with students about if and how the data they contribute into these platforms will be used and shared.”

Specifically, security clauses need to cover how data is stored, handled and accessed by Software as a Service vendors. Ideally, schools should prioritize zero-trust contracts that limit access to approved campus staff and students.

As always, it is important to be mindful that regulations such as the General Data Protection Regulation and the California Consumer Privacy Act require privacy clauses for any SaaS app that handles personal or private data. These clauses must include detailed information on which organizations and providers are collecting the data, why they are collecting the data, what data is being collected and how they will use the data. Privacy clauses must also be readily available to users, and students must have the option to opt-out of any SaaS services that collect their personal data.

To continue reading, please visit: