Remote Learning: IT Security Tips for Schools

Many districts have made the tough decision to shut down for the fall semester. Schools are now scrambling to put together remote learning options. Because of this, information technology and online security and privacy need to be addressed. This article provides tips for schools on securing remote worker access to systems as well as e-learning.

Remote Access Policy

Schools should have a remote access policy for employees. Although we’re in the thick of it, it isn’t too late for IT to develop a plan to meet your school system’s needs. A simple statement can cover:

• How employees are expected to work (personal devices, remote desktop protocol, virtual private network)
• Work hours and if internet bandwidth or system overload is an issue
• Whether employees may access school IT systems, and if so, which ones
• Reminders to employees about protecting student privacy and confidential/sensitive information
• How to report suspicious or actual cyber security incidents

School e-Learning Risks

Schools that offer online classrooms should have an e-learning policy that covers the unique challenges. Some risks include:

Meeting Bombing

An uninvited guest may join a video-teleconferencing meeting either to listen in on the conversation or to disrupt the meeting by sharing inappropriate messaging or media. These incidents are possible when you do not require a password, or an attacker is able to discover or guess the meeting ID.

Malicious Links in Chat

Hackers or students may post links to the chat that transmit malware or steal credentials. This is why you need to require passwords for all meetings.

Stolen Meeting Links

Reusing meeting links makes it easy for attackers to use them too.

School e-Learning Policy

An e-learning policy can:

• Encourage staff to use secure settings for video-teleconferencing sessions
• Require passwords for e-learning sessions
• Limit how and by what media e-learning sessions are publicized (e.g., meeting ids should not be communicated on social media or to anyone who is not invited to the meeting)
• Manage screen-sharing option; limit screen sharing to the educator so they can determine who, if anyone, can share their screen

Online Safety for Students and Educators

Finally, whenever possible, reinforce online safety with remote workers, educators and students. A students’ education depends on his or her ability to access the internet and that isn’t possible if they fall victim to a cyberattack. Hackers have ramped up their efforts now that more people are working and learning online. Remind users of the following best practices:

Watch Out for Phishing Emails

Hackers may send official looking emails from accounts that appear to be educators or administrators. Read the sender’s email address, paying attention to spelling. Hover over the address with your mouse to see if a different email address displays.

If it appears to be a phishing email from someone you know, call them by phone or by their confirmed email address to verify that the email came from them. If it didn’t, alert them to the phishing attempt and report it to the proper school authority.

Check Email Content

Although it seems as if every message we see or hear these days conveys a sense of urgency, be on the lookout for emails that demand your immediate attention. Phishing emails often claim to contain vital information about attendance, grades, payroll or payments.

Look for spelling and grammatical errors as phishing emails often originate from non-English speakers. If you suspect it’s a phishing email, it likely is. Report it and delete it.

• Do not click on links or download attachments you aren’t expecting. If you open an email and there’s a link, copy it and do an internet search on it. The search results will tell you whether it’s a real or bogus link. If you receive an email with an attachment, after checking the source and the content of the email, do not open the attachment if you weren’t expecting it or it isn’t something the sender would normally send. Call to confirm or email the person at their verified email address.
• Do not allow anyone to take control of your computer, unless it is a someone you contacted and verified as a service provider (e.g., for warranty purposes or a contracted service provider).
• Do not share your passwords with anyone.
• Install patches and software updates for antivirus and antimalware programs.

Putting appropriate policies for remote work and e-learning and reinforcing online safety can help to reduce risk and ensure success for schools, educators and students.