Loss Control Insights for Schools
Remote Learning: IT Security Tips for Schools
Many districts have made the tough decision to shut down for the fall semester. Schools are now scrambling to put together remote learning options. Because of this, information technology and online security and privacy need to be addressed. This article provides tips for schools on securing remote worker access to systems as well as e-learning.
Remote Access PolicySchools should have a remote access policy for employees. Although we’re in the thick of it, it isn’t too late for IT to develop a plan to meet your school system’s needs. A simple statement can cover:
- How employees are expected to work (personal devices, remote desktop protocol, virtual private network)
- Work hours and if internet bandwidth or system overload is an issue
- Whether employees may access school IT systems, and if so, which ones
- Reminders to employees about protecting student privacy and confidential/sensitive information
- How to report suspicious or actual cyber security incidents
School e-Learning RisksSchools that offer online classrooms should have an e-learning policy that covers the unique challenges. Some risks include:
Meeting BombingAn uninvited guest may join a video-teleconferencing meeting either to listen in on the conversation or to disrupt the meeting by sharing inappropriate messaging or media. These incidents are possible when you do not require a password, or an attacker is able to discover or guess the meeting ID.
Malicious Links in ChatHackers or students may post links to the chat that transmit malware or steal credentials. This is why you need to require passwords for all meetings.
Stolen Meeting LinksReusing meeting links makes it easy for attackers to use them too.
School e-Learning PolicyAn e-learning policy can:
- Encourage staff to use secure settings for video-teleconferencing sessions
- Require passwords for e-learning sessions
- Limit how and by what media e-learning sessions are publicized (e.g., meeting ids should not be communicated on social media or to anyone who is not invited to the meeting)
- Manage screen-sharing option; limit screen sharing to the educator so they can determine who, if anyone, can share their screen
Online Safety for Students and EducatorsFinally, whenever possible, reinforce online safety with remote workers, educators and students. A students’ education depends on his or her ability to access the internet and that isn’t possible if they fall victim to a cyberattack. Hackers have ramped up their efforts now that more people are working and learning online. Remind users of the following best practices:
Watch Out for Phishing EmailsHackers may send official looking emails from accounts that appear to be educators or administrators. Read the sender’s email address, paying attention to spelling. Hover over the address with your mouse to see if a different email address displays.
If it appears to be a phishing email from someone you know, call them by phone or by their confirmed email address to verify that the email came from them. If it didn’t, alert them to the phishing attempt and report it to the proper school authority.
Check Email ContentAlthough it seems as if every message we see or hear these days conveys a sense of urgency, be on the lookout for emails that demand your immediate attention. Phishing emails often claim to contain vital information about attendance, grades, payroll or payments.
Look for spelling and grammatical errors as phishing emails often originate from non-English speakers. If you suspect it’s a phishing email, it likely is. Report it and delete it.
- Do not click on links or download attachments you aren’t expecting. If you open an email and there’s a link, copy it and do an internet search on it. The search results will tell you whether it’s a real or bogus link. If you receive an email with an attachment, after checking the source and the content of the email, do not open the attachment if you weren’t expecting it or it isn’t something the sender would normally send. Call to confirm or email the person at their verified email address.
- Do not allow anyone to take control of your computer, unless it is a someone you contacted and verified as a service provider (e.g., for warranty purposes or a contracted service provider).
- Do not share your passwords with anyone.
- Install patches and software updates for antivirus and antimalware programs.
Putting appropriate policies for remote work and e-learning and reinforcing online safety can help to reduce risk and ensure success for schools, educators and students.