As schools have started, and many of our kids either head back to their
physical classrooms or learn from home, we all continue to face a new set of
challenges brought about by COVID-19. Similarly, though many of us have
returned to our offices or workplaces, at least to some degree, others are
still working primarily from home.
From Zoom meetings to setting up our virtual learning environments to the
best of our abilities, it is important to remember that the conveniences
afforded by these technologies should always be tempered by security
considerations.
One recent article suggests that schools, universities, and academic
institutions may be in for a rough fall. Largely due to an inability to
completely manage remote devices, unpatched systems, an overarching emphasis on
user-friendliness over security, and an increase in phishing scam success, many
expect that ransomware attacks will be on the rise.1 Compounding this problem is the fact that once an institution
or organization pays a ransom, they become a more likely target for future
attacks. Regular and complete data backups mitigate this risk and help to
reduce the likelihood of repeat attacks.
Furthermore, academic institutions and organizations are having to adjust
work and learning situations as they go. As many colleges have started, there
have been a growing number of cases in which students are being sent home only
a few weeks into the semester in response to outbreaks.2 In addition to the question of how to best keep students,
faculty, and the nation at large as safe as possible, colleges and universities
will also have to assess how to most efficiently continue educating students
from a distance. In the hustle and bustle of trying to coordinate the student
body and faculty, security concerns may be pushed to the back burner in an
effort to optimize ease of use and functionality as quickly as possible.
Stay Secure
With the aforementioned risks associated with remote work compounded with a
hurried response, it is important that security remains a number one priority.
Regarding operational risk throughout this crisis (as mentioned in my last
article, "Operational
Risk Revisited in the Wake of COVID-19"), simple security best
practices—such as the use of virtual private networks, multifactor
authentication, avoiding public Wi-Fi, securing endpoints, strong passwords,
email encryption, updating software when necessary, and using only approved
technologies and devices while working remotely—help institutions to remain
secure while also providing students with an effective distance learning
program.
Regularly communicating these practices to employees and students is
critical, even when in-person learning ultimately resumes, and training in
phishing attacks and social engineering helps to bolster the always important
"human element" of security.
Conclusion
Within organizational settings, I have frequently commented on the need to
develop strong cultures of security with top-down management support and
education. Home environments require the same sort of commitment. From creating
positive distance learning environments to continuing to work and communicate
remotely within our organizations, it should always be conveyed to employees,
educators, and students that security is a universal responsibility.
Once a
true return to normalcy has occurred, having practice in remote work security
policies and procedures will remain beneficial and applicable within our
physical workspaces.