Computer security in distance learning: 5 tips to prevent online risks

31 May 2021 | Online risks

Remote learning is becoming the new normal: cyber security in distance learning is becoming increasingly important. Cybercriminals are busy every day finding new ways to exploit techniques such as phishing, ransomware, social engineering and more to launch attacks.
The ongoing pandemic is causing a crisis for schools and universities around the world. With physical buildings closed, most educational institutions are moving towards distance learning and working.

For young people and teachers, the shift from a traditional classroom-based learning methodology to a new, purely online one has happened too quickly. Added to this are the potential cybersecurity risks in distance learning, due in part to the lack of cybersecurity training among students and educators.

In fact, according to data from the study by Parole O_Stili and Istituto Toniolo, conducted with the technical support of Ipsos, 41% of the students interviewed say they would give a sufficient grade to the overall level of digitalisation of the student body. Only 7% give it a very good grade, while 4% say very bad.

To further complicate this situation, many institutions do not have the budgets to review their cybersecurity in distance learning in the face of the pandemic. As a result, some institutions are attracted to free tools and apps, but these do not comply with GDPR and privacy regulations and sometimes carry malware.

According to the report by AGCOM, for most schools the computers available to pupils are still “confined” to the “computer labs”.

Against this backdrop, we report on some of the most critical risks to consider for cybersecurity in distance learning, for effective, serene and hacker-aware distance learning.

Index

1. Secure remote access
2. Controlling access to sensitive data
3. Protection against malware
4. Protection against phishing
5. Disruptive actions during a videoconference

Some tips for computer security in distance learning

1. Secure remote access

Students and teachers need online learning tools, mostly located in the cloud (file sharing applications, e-mail, apps), and remote access to school network resources. At the same time, administrative and IT staff working from home also need access to systems and documents on the same network.

In order to access these networks remotely in a secure manner, it is necessary to use a VPN, i.e. a virtual private network, which protects all incoming and outgoing data flows. Without a VPN, it is very easy for hackers to gain access to and control over the school network.

By synchronising firewall and endpoint security (any device that can connect to the school network), it is possible to immediately identify compromised devices, isolate them until they are cleaned, and prevent any viruses from spreading laterally to other devices on the network.

If the school provides them, run and use only authorised apps on the network and log in only with authorised devices.

If you connect with your own devices, first check that they are equipped with security systems, then take care not to run insecure apps, which can create easy access for attackers.

Insecure apps do not adopt modern security standards: they are outdated and not up to date with privacy regulations (and therefore more likely to be hacked).

2. Controlling access to sensitive data

Schools and universities hold valuable information: personal data of students, teachers, alumni and administrative staff, as well as sensitive research and intellectual property data.

It is important to ensure that only certain authorised people have access to these assets.

If a hacker manages to gain access to the school database:

  • He can steal all personal data and put it up for sale on the dark web;
  • He can encrypt the data and make it inaccessible to school staff, blackmailing them by demanding a ransom to get it back.

For computer security in distance learning, it is crucial to customise the access level of users. This means setting a different type of access depending on the user’s role in the school or university. For example, a student can view all subject-related materials and is allowed to download files, while teachers can both upload and view materials needed for lessons and student assessments.

You can protect sensitive data, research and other critical assets by admitting only those who are authorised with two-factor authentication (2FA).

3. Protection against malware

The move to distance learning has led to the use of personal devices that connect to the school network. The problem that then arises is far from trivial: hackers can use these smartphones or tablets to circumvent school security rules and access information.

When cyber criminals manage to infiltrate the school network, they install malware, i.e. malicious software that can sneak into a computer, mobile device or company or school network without authorisation. Its purpose is to steal confidential data, spy on people’s activities or cause more or less serious damage to the computer system on which it is installed.

To remedy this situation, it is necessary to protect all devices used in distance learning with antivirus software, making sure they are up to date.

It is important to implement advanced web protection features that can identify and block the latest threats. In addition to an antivirus that protects the computer in real time, it is advisable to install an anti-malware tool that also acts in real time, i.e. with continuous protection, so that threats are rendered harmless right away, without waiting for problems to occur on the computer.

4. Protection against phishing

Social engineering attacks and phishing represent the main cyber security risks in distance learning. In this case, hackers manipulate students, teachers or staff members so that they click on malicious links and, through phishing, grant access to the school’s network and valuable resources.

Suffice it to say that, according to data published by ANSA, 270,000 users from July to December 2020 were affected by hacker attacks using online learning platforms as bait.

The best way to counter social engineering and phishing attacks is through awareness of the risks involved online and training for all users. Educating and testing with mock attacks helps foster a positive cyber security culture and makes people less likely to fall for fraud.

Ensuring that email security is up to date and having advanced protection helps protect against known and unknown malware, ransomware, exploits and viruses.

5. Disruptive actions during a videoconference

Also known as Zoombombing, it is a phenomenon that has been rampant on video conferencing platforms such as Zoom since March 2020, compromising computer security in distance learning.

These attacks are different from the more well-known ones, which take place on video call platforms. These attacks are organised in a similar way to the campaigns of insults, threats and harassment that take place on social networks, which have been seen several times in recent years.

On particular groups on social networks and messaging apps, access codes for meetings and lessons on Zoom are disseminated, often made public by the organisers themselves, who do not imagine possible negative consequences, such as an invitation to disrupt and interrupt video lessons.

The New York Times also found a large number of social profiles and accounts where these access codes were shared, with the aim of disrupting and sabotaging these conferences: 153 on Instagram, dozens on Twitter and numerous discussion forums on Reddit, which then intervened by closing the platform.

The motivations of some users to purposely disrupt the video conferences are different. Some are more ‘innocent’: they are teenagers who, bored, enjoy playing these pranks, not far removed from classic prank phone calls. Others interrupt video conferences or lessons to show, for example, explicit or violent material, or even racist or pornographic material.

To prevent this, it is advisable not to share the online link to the video lecture, especially on social networks. In addition, you can create waiting rooms where you can see who wants to participate in the meeting that is about to start and choose among them who can and cannot enter.

Some tips for computer security in distance learning

Remote learning requires precise policies for IT security in distance learning.

School staff members should be able to follow a solid plan, which guides them to appropriate conduct within school networks.

The monitoring of activities within the school becomes of paramount importance.

Any irregular behaviour could be an indication of illegal activities. Irregular behaviour includes late-night access, unsuccessful access attempts, or access from locations outside the area covered by the school.
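
The three signals listed above can be checked automatically against a login log. The following is an added example, not part of the original article: the log format, the address ranges standing in for "the area covered by the school", the night-time window and the failure threshold are all assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Assumptions for this sketch (not from the article): the log format, the
# address ranges standing in for "the area covered by the school", thresholds.
SCHOOL_NETS = [ipaddress.ip_network("10.20.0.0/16"),     # constructed VPN pool
               ipaddress.ip_network("198.51.100.0/24")]  # constructed campus range
NIGHT_START, NIGHT_END = 23, 6   # 23:00-05:59 counts as late night
MAX_FAILURES = 3                 # failed logins per user before flagging

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$")

# Constructed sample log lines.
SAMPLE_LOG = """\
2021-05-10T09:02:11 user=a.bianchi ip=10.20.3.14 result=OK
2021-05-10T23:47:02 user=m.rossi ip=10.20.7.80 result=OK
2021-05-11T10:15:40 user=l.verdi ip=203.0.113.45 result=OK
2021-05-11T14:01:05 user=g.neri ip=10.20.9.2 result=FAIL
2021-05-11T14:01:09 user=g.neri ip=10.20.9.2 result=FAIL
2021-05-11T14:01:15 user=g.neri ip=10.20.9.2 result=FAIL
2021-05-11T14:03:30 user=g.neri ip=10.20.9.2 result=OK
this line is malformed and must be skipped
"""

def find_irregular(log_text):
    """Return a sorted list of (user, reason) findings for the log text."""
    findings, failures = set(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines that do not parse
        user, hour = m["user"], datetime.fromisoformat(m["ts"]).hour
        if hour >= NIGHT_START or hour < NIGHT_END:
            findings.add((user, "late-night access"))
        addr = ipaddress.ip_address(m["ip"])
        if not any(addr in net for net in SCHOOL_NETS):
            findings.add((user, "outside school area"))
        if m["result"] == "FAIL":
            failures[user] += 1
    findings.update((u, "repeated failed logins")
                    for u, n in failures.items() if n >= MAX_FAILURES)
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in find_irregular(SAMPLE_LOG):
        print(f"{user}: {reason}")
```

A finding is a prompt for a person to look, not proof of wrongdoing: a teacher marking late or a student travelling will trigger the same rules.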

With this in mind, here are some ideal tips for computer security in distance learning:

      • Teach students and their parents about identifying phishing attempts;
      • Explain the ways in which hackers will try to take advantage of the new distance learning situation;
      • Teach parents the signs of a bogus email, which include poor grammar, irregular punctuation or generic greetings (dear sir or madam);
      • Make sure parents know that teachers will never ask them for personal information, such as social security numbers or account passwords, via email.
      • Focus on protecting the infrastructure of the systems on which you store your content: Microsoft 360, Cloud, etc. Web filters and firewalls will only be effective if schools provide computers on which those blocks, and the filters already in place, are installed.
      • Enable features that you can control on Google, Cloud and so on to strengthen overall security, such as multi-factor authentication (MFA) or required password complexity.


CybeRefund Srl – Benefit Society, Piazza Luigi Vittorio Bertarelli, 1 – 20122 Milano (MI)
P.I. and Fiscal Code 11076520961