Fortinet Education Solutions
Securing the New Norm in Distance Learning
Over the past few months, educational institutions around the world - from elementary schools to colleges and universities - have been forced to embrace distance learning. It's now estimated that 70% of students are currently doing some form of online education.
For many of these institutions, this digital transformation to distance learning was thrust upon them-regardless of whether they were ready or not. Schools are scrambling to not only build the content for their courses but also to build the distance learning infrastructure needed to ensure all of their faculty and students have remote access to this content. The challenge they face is how to do this at scale and do it securely?
Securing the Learning Environment: Fortinet Education Solutions
Provide Strong Authentication
With advancements in hardware processing power, cracking passwords can be done in a matter of seconds. Which is part of the reason why there is a ton of stolen credentials for sale on the dark web, with more being added every day. It is essential, therefore, to enforce strong password policies (i.e., complexity, length, and expiration), enforce account lockout after failed attempts to prevent password guessing, and leverage multi-factor authentication where possible to prevent the misuse of stolen passwords.
Protect Web Applications
Next to stealing credentials, exploiting vulnerabilities in applications is the easiest way for an attacker to breach your network. You must scan external sites for security flaws such as cross-site scripting errors and SQL injections. And it's equally important to encrypt the traffic between your learning systems and your users, whether faculty, students, or administrators, so information can't be stolen in transit. In addition, deploying a web application firewall (WAF) can protect web application servers and the infrastructure from attacks and breaches originating from the Internet and external networks.
Manage 3rd Party Risk
The third-party technologies that you use in your online learning environments can pose additional vulnerabilities and risk to your enterprise network. Whether it's your learning management system or teleconferencing tools, regardless of whether they are hosted in the cloud or on-premise, you need to ensure you perform a thorough security assessment of the vendor and their products before introducing them into your network environment.
Monitor for Malicious or Unusual Activities
Organizations new to implementing distant learning will see a significant increase in devices and external network traffic connecting to their networks. The security staff needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.
Protect Their Passwords
Ensure individuals use strong passwords that are not obvious, like your birthday, or default passwords provided with devices. Never use the same password on multiple accounts and devices. And never share a password with anyone - even individuals claiming to be on the IT team.
Be Wary of Public Networks
It's essential to check with the establishment to ensure the network is legitimate, and when possible, use a VPN connection to access or transmit data. To that end, it is essential that any distance learning tools support SSL VPN and strong authentication.
Keep Their Devices Up To Date
Make sure devices and applications are updated with patches, and that any antivirus/malware software is current and operational.
Spot Social Engineering Attempts
Everyone should be taught how to spot attempts to steal personal and proprietary information vial email (phishing), texting (smishing), and phone (vishing).