Sunday, May 24, 2020

Security in Distance Learning

Distance Learning (Image from Unsplash)
Image from Unsplash
Due to the global COVID-19 pandemic, schools around the world were forced to practice distance learning to keep the students safe and confined in their homes. Sites like Scrum Institute, Udemy, and Harvard University has been practicing distance learning for a quite some time so they must have a strong framework to support it. Since most of educational institutions are simply forced to distance learning, a lot of them are still struggling to this digital transformation. Educators need to revise and build the content for their courses that’s suited online, as well as build the distance learning infrastructure needed to ensure all of their faculty and students have remote access to this content. The challenge they face is how to do this at scale and do it securely?

Just like the real world, the cyber world or the internet is filled with malicious users and cyber criminals who are fully aware that for many educational organizations, distance learning is uncharted waters. Educational institutions have long been a target by adversaries. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering, and denial of service attacks. And these changes only compound these challenges.

The conversion to distance learning has improved the online security risk for institutions and created potential opportunities for criminals. Essential information are their targets such as stealing personal and financial information, intellectual property, or simply be disruptive.

Secured Learning Environment

There are several simple steps every educational institution or any other institution needs to consider if they want to set up and maintain an effective distance learning environment.  These include the following: 

Protect Web Applications

Exploiting vulnerabilities in applications is the easiest way for an attacker to breach your network. You must scan external sites for security flaws such as cross-site scripting errors and SQL injections. And it’s equally important to encrypt the traffic between your learning systems and your users, whether faculty, students, or administrators, so information can’t be stolen in transit. 

Provide Strong Authentication

It is essential to enforce strong password policies (i.e., complexity, length, and expiration), enforce account lockout after failed attempts to prevent password guessing, and leverage multi-factor authentication where possible to prevent the misuse of stolen passwords. I believe this is where captcha comes in and other similar security measures. 

Leverage Network Segmentation

Another way to secure your environment is to segment or separate your internet-facing teaching applications from your other internal applications, such as your HR system, Accounting, etc. This way, if a breach or malware outbreak were to occur, the scope of impact will be limited.

Manage 3rd Party Risk

The third-party technologies that you use in your online learning environments can pose additional vulnerabilities and risk to your enterprise network. Whether it’s your learning management system or teleconferencing tools (e.g. Zoom, Skype, etc.), regardless of whether they are hosted in the cloud or on-premise, you need to ensure you perform a thorough security assessment of the vendor and their products before introducing them into your network environment. 

Monitor for Malicious or Unusual Activities

Organizations new to implementing distant learning will see a significant increase in devices and external network traffic connecting to their networks. The security staff needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm. This job usually falls under the network manager’s responsibility or his/her minions. 

As we engage in distance learning, we need to ensure that we practice cyber distancing to protect ourselves from malicious users. In order to maintain order and take control, it's strongly recommended to follow these standard security practices to effectively move us into this new distance learning norm.

Just to give you some tips, here are some reliable distance learning websites I found (you may search Google about their websites): 
  • International Scrum Institute 
  • Maryville University 
  • Harvard University 
  • Udemy.com 
  • Coursera 




No comments:

Post a Comment

Popular Posts