Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19
October 30, 2020
Contributed by David Mundhenk, Principal Consultant, Herjavec Group
Wholescale student populations are now being sequestered at home long-term and are receiving their schooling via remote classroom access due to the COVID-19 pandemic.
School systems, teachers, and administrators have had to acquire and deploy cyber tech en masse; implement and administer whole-scale network systems, convert school curriculum to support remote access delivery, install complex video conferencing, end-user help desk support and ticketing systems, and even deploy wireless network access points in strategically deployed school buses to support educational access for the underprivileged. Like it or not, within a few months, educational institutions have now become enterprise IT entities, taking on all the responsibilities of securely delivering qualitative technology services.
Likewise, parents, grandparents, and caretakers of school-age students who are participating in remote access delivered educational services have had to become small IT startups at home. They too have had to contend with becoming network savvy help-desk support personalities for their children. In many instances, they’ve had to do so in addition to fulfilling their own remotely connected professional obligations and responsibilities.
Now more than ever it is critical to raise a ‘cyber-savvy village’ to contend with these new challenging times we live in. So, what to do?
- Ask your school system administrators to provide you their written cybersecurity policies and procedures concerning proposed remote learning capabilities. If none exist or can be provided, that is a warning sign.
- Ask your school system administrators to provide a copy of their incident response policies and plans. Be sure to read and fully comprehend what is required in case a possible cyber incident occurs. Be prepared to quickly report any unusual or suspect activity.
- Ask your school system administrators if they have appointed a single individual or team of individuals to be responsible and fully accountable for cybersecurity. If none exist or can be provided, that is a warning sign. If they have, obtain full contact information for that individual or individuals.
- Whether the school is providing a digital tablet or laptop or children are using something provided at home, ensure the e-learning digital platform has the most recent security patches and malware software prevention updates. Continue to monitor patch and malware software updates for the platform to make sure they are current.
- If other family members are going to working on, or are using the same network as used for e-learning, ensure those systems are also up to date on security patches and malware prevention software.
- Whether children are using a wired or wireless network for home-based remote e-learning, ensure that such technology is enabled with all available security features. Consider implementing a home firewall or, at the very least, ensure that the e-learning platform has host-based firewall capabilities enabled such as MS Windows Defender or similar technology.
- Teach children that their digital tablet or platform is to only be used for learning and not for random Internet browsing, personal email, gaming, or social media.
- Most important of all, monitor all children’s activities and use of the e-learning platform.
School Systems and Educators
- Ensure that you have clearly written, detailed cybersecurity policies and procedures. Ensure that this documentation is disseminated to other educators and parents.
- Ensure that you have provided clearly defined, written incident response procedures to all educators and parents involved in the remote e-learning process. Ensure that all parties clearly understand what to do in case a suspected or actual cybersecurity incident occurs.
- Ensure that you have a single person or team appointed to be responsible for implementing and maintaining a cyber-safe educational environment. Provide their contact information to educators and parents.
- Ensure that all digital e-learning platforms provided to parents and children have the latest security patches and malware prevention software is up to date. Ensure that these platforms have host-based firewall capability that is always enabled.
- Ensure that security event logging is enabled on all technology used to deliver remote e-learning functionality. Consider exporting all logs to a single, highly secure centralized source to help recreate events if an adverse cybersecurity incident occurs.
- Ensure that all educators and parents are provided cybersecurity awareness training prior to starting the school learning cycle, and on a regular basis throughout the school year.
- If mobile wireless access points are to be deployed to facilitate remote e-learning capabilities for parents and children, ensure that only robust encryption is enabled to facilitate access (at least WPA2 and strong ciphers.) Ensure that passwords are robust and consider refreshing them on a monthly basis.
- Reach out to local law enforcement personnel, most specifically their cybersecurity experts and establish proper communication channels and notifications in case a cybersecurity incident occurs.
- Consider seeking the advice of security professionals and firms such as Herjavec Group. An objective, third-party, trusted partner can provide objective advice and ensure that all technologies, processes, and people are engaged to optimally support and protect e-learning capabilities and students.
We commend educators and school systems for ramping up remote, e-learning capabilities in such a short period of time. As we all know, however, if something of this scale and complexity is ramped up quickly, important steps can be missed or overlooked.
Cybersecurity is a continuous process, rather than an end state. As it has been stated before, it takes a cyber-savvy village to protect all of its constituents. If we all do our part by implementing stronger security practices, raising community awareness, educating vulnerable audiences, or training employees, our interconnected world will be safer and more resilient for everyone.
School systems and educators: to engage David or Herjavec Group regarding your remote learning security concerns, please connect with us today.
Thought Leadership from David Mundhenk: