Enabling secure remote learning environments promptly during a crisis

Jessica Riccio, Solutions Marketing Manager, Fortinet, explores the security solutions that can be put in place to protect remote learning environments

The global pandemic has drastically altered educational institutions’ learning and teaching models. While online learning existed prior to COVID-19, it is not to be confused with the emergency remote learning pressures being placed on schools today. Online learning is the result of careful design, planning, and development and it can take many months before a course is delivered. In contrast, the goal of remote learning is not to re-create the physical classroom but to provide students temporary access to educators, their lessons, and school resources quickly, reliably, and securely.

With educational institutions scrambling to deliver this service, the reality is that students, faculty and IT staff found themselves unprepared for remote learning. Putting in place a contingency plan at the eleventh hour that enabled a secure remote learning environment for students and faculty at scale proved to be a daunting task even for the most adept IT administrators.

Remote learning challenges

COVID-19 is highlighting the infrastructure and access challenges and risks that educational organisations must address, especially in the event that a crisis like this happens again. With a significant increase in devices and external network traffic, IT administrators need to ensure that the network infrastructure can scale to support this surge in traffic. What is more, they need to remain vigilant of unusual login attempts or large data transfers, and any other irregular behaviour. In addition, the regularity and coherence provided in the physical classroom with regards to technology, security, and access is lost in the remote home environment. For example, at home, many students are not equipped with suitable technology or devices or simply don’t have access to a secure and stable internet connection. The result is that students unable to regularly follow the curriculum and easily access school resources will fall behind. Furthermore, the use of inherently insecure personal devices in home environments lacking the endpoint security solutions ubiquitously adopted in a school environment, allows hackers to easily exploit their vulnerabilities.

On top of the infrastructure and access challenges, the human element adds an additional layer of cyber risk to the remote learning environment. Human behaviour dictates that people in the same household are more likely to share devices and passwords, click on a link in a phishing email, or download unauthorised and dangerous applications.

Security is critical to future-proof remote learning environments

It’s important to establish what students and faculty need in order to securely access remote learning resources. As a start, students and faculty will require access to email, internet, teleconferencing, limited file sharing, and function-specific capabilities (e.g. HR) from their remote work site. Depending upon the individual institution, they might also require access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft 365.

In that instance, Virtual Private Network (VPN) access and endpoint security are crucial. Students now have an easier time accessing potentially sensitive and dangerous content, so replicating the measures that the school network would normally have in place to allow more control, is important. A dedicated secure VPN connection, rather than an open Wi-Fi network can reduce the risk of cyber threats and make it more difficult for threat actors to gain access to the network. Also, having a central authentication service that’s constantly monitoring the various devices gaining access to the network, is a way for IT teams to keep on top of who is gaining access to what and when. Adding on multifactor authentication can prevent hackers from using stolen passwords to access networked resources. Deploying a web application firewall (WAF) can also protect web application servers and the infrastructure from attacks and breaches originating from the internet and external networks. Lastly, segmenting the internet-facing teaching applications from other internal applications, such as the HR system, can also help limit the scope of the impact of a cyberattack.

Since humans are oftentimes the weakest link, security for human error is as much about infrastructure as it is about education. This entails communicating proper password protection methods, ensuring patching is being pushed through to devices and software, as well as clear instructions for downloading certain applications and what to look out for in a phishing email. All this requires a constant stream of monitoring occurring from the security team.

Global health crises and disasters such as what we’ve seen from COVID-19 are not likely to go away anytime soon. Ensuring that the network infrastructure is secured via VPN and endpoint protection, on top of clarity with how students and faculty can protect themselves is critical. Even though everyone is learning remotely, the way we’re connected and the human element has never been more important. With a securely enabled remote learning environment, educational institutions will be one step ahead in providing secure access to critical learning resources, while scaling to meet the demands of students and staff from day one.