Best Practices for Data Security in Online Learning
As the global pandemic extends into the fall, it’s clear that most schools and universities will continue to rely on online instruction in the near term. However, although online instruction can help minimize health risks, it also introduces heightened security risks and highlights the importance of protecting data.
This was certainly true in corporate environments, where more than 80 percent of companies saw “slightly to considerably more” cyberattack attempts in the first half of 2020. As the threat landscape continues to evolve, higher education will continue to become an increasingly target-rich environment.
To keep their courses and students safe, it’s up to institutions to make cybersecurity top of mind. Robust access control, authentication, data integrity, and content protection are all essential to safeguarding sensitive data and communications. Educators must not only protect sensitive data but take proactive steps to safeguard online communications.
Safeguarding a wealth of personal data
School systems have long been a ripe target for hackers and other bad actors. Many are especially vulnerable to attacks because they lack the security systems and IT resources that corporations and large enterprises utilize. In 2019, ransomware infections impacted more than 500 schools in the U.S. alone. As schools spend more of their limited IT resources building digital classrooms, the threat is likely to grow. Just this past June, hackers took Columbia College student data hostage and threatened to sell it on the dark web.
Most schools host huge volumes of data related to their students, tracking everything from test scores to demographic data, behavior records, financial information and more. To keep this sensitive personal data from falling into the wrong hands, institutions must restrict access and encrypt data, regardless of where it resides.
Protecting data in transit
When it comes to protecting data in transit, you need to secure your website with a TLS/SSL certificate to encrypt information and maximize trust. Three key types of TLS certificates can provide protection: Organization Validation (OV), Domain Validation (DV) and Extended Validation (EV). EV certificates, the worldwide standard for protecting extremely sensitive data, offer the highest level of authentication. To enable organizations to manage these certificates, certificate authorities (CAs) like DigiCert validate each type of certificate to a specific level of user trust.
Protecting data at rest
With so much personal and financial information residing on-premises at education institutions, protecting data onsite is critical to prevent hackers from harvesting it. The best way to protect data onsite is to encrypt it at rest. If a hacker were to infiltrate a system that contains encrypted data, the data would be worthless to them.
Safeguarding third-party platforms
Learning management systems (LMS) like Blackboard or Canvas also host a vast array of personal data that is vulnerable to attack. To protect these systems from unauthorized access, two-factor authentication should be mandatory.
Securing online communications and classrooms
Classroom and online communications like videoconferencing and email platforms are also vulnerable to hackers and other attacks. We’ve all heard the stories of disruptive “Zoombombing” episodes in education and at private enterprises. Although some of these pranks may seem lighthearted, they disrupt and waste valuable classroom time. Establishing role-based accounts, robust access control and frequent re-authentication can help minimize these issues.
Securing school devices
Maintaining control over the devices students use to access learning is a powerful way to enforce security for video collaboration and classwork. However, it also requires mechanisms like Mobile Device Management (MDM). MDM lets you control your devices, security profile and level of access for users from anywhere in the world. When combined with PKI for identity management, it offers a formidable security combination.
As universities and school districts discover more vulnerabilities in their videoconferencing platforms, they are taking proactive steps to make them more secure. For example, the New York City Department of Education recently developed a DOE-licensed version of Zoom. Tailored to the Department’s security standards, it prohibits participants from renaming themselves, blocks private chats and restricts students from controlling screens. Whether you are using Zoom or another video collaboration platform, it’s essential to ensure that only authorized users can access a conference and participate in sharing content.
Phishing and other email threats have plagued enterprises for decades, and unfortunately students are highly vulnerable. Students are subject to the same type of phishing attacks as corporate employees. Although there isn’t necessarily a financial gain, hackers do it for fun and then lock out the real students. Making sure that students cannot accidentally install malware on their devices is key, especially if the laptop or tablet has been issued by the school. Protocols such as S/MIME and security through DMARC certification can help you ensure that your email communications are fully protected.
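A DMARC record only blocks spoofed mail once its policy is set to enforce, so a school's record is worth auditing after it is published. The following is an added example, not part of the original article: the tag names follow RFC 7489, while the function names and the `example.edu` records are constructed for illustration.

```python
# Added example: audit a DMARC TXT record for enforcement strength.
# Tag names (v, p, sp, pct, rua) come from RFC 7489; sample records are constructed.

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict (tag names lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the policy is fully enforced."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        findings.append(f"p={policy or 'missing'}: mail failing DMARC is still delivered")
    # sp= overrides p= for subdomains, so a weak sp= reopens the gap.
    if "sp" in tags and tags["sp"].lower() not in ENFORCING:
        findings.append(f"sp={tags['sp']}: subdomains are not protected")
    try:
        pct = int(tags.get("pct", "100"))  # default is 100 when the tag is absent
    except ValueError:
        pct = -1
    if not 0 <= pct <= 100:
        findings.append("pct is not an integer between 0 and 100")
    elif pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to review")
    return findings

# Constructed sample records for a hypothetical school domain.
SAMPLES = {
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.edu",
    "partial": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.edu",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, "->", audit_dmarc(record) or "OK")
```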
Securing sensitive documents
The need for security isn’t limited to communications and classroom activities. You’ll also want to protect sensitive documents from individuals who may tamper with report cards, transcripts, or diplomas. Digital document signing lets organizations and individuals incorporate a digital signature in a document to prove their identity. It is more secure than scanned signatures and other methods, never expires and can be customized to meet local legal requirements.
It’s clear that the impact of today’s healthcare crisis will continue to ripple across our education systems for months or even years to come. Educators will have plenty of challenges as they shift to online or hybrids of remote and in-person instruction. With strong security best practices in place, they can gain peace of mind in knowing that their students and institutions will stay safe from attacks—and free up time to focus on delivering the best possible learning experience.