Expert Commentary

Security from Home: Continuing To Work and Learn Amid COVID-19

As schools have started, and many of our kids either head back to their physical classrooms or learn from home, we all continue to face a new set of challenges brought about by COVID-19. Similarly, though many of us have returned to our offices or workplaces, at least to some degree, others are still working primarily from home.


Cyber and Privacy Risk and Insurance
October 2020

From Zoom meetings to setting up our virtual learning environments to the best of our abilities, it is important to remember that the conveniences afforded by these technologies should always be tempered by security considerations.

One recent article suggests that schools, universities, and academic institutions may be in for a rough fall. Largely due to an inability to completely manage remote devices, unpatched systems, an overarching emphasis on user-friendliness over security, and an increase in phishing scam success, many expect that ransomware attacks will be on the rise.1 Compounding this problem is the fact that once an institution or organization pays a ransom, they become a more likely target for future attacks. Regular and complete data backups mitigate this risk and help to reduce the likelihood of repeat attacks.

Furthermore, academic institutions and organizations are having to adjust work and learning situations as they go. As many colleges have started, there have been a growing number of cases in which students are being sent home only a few weeks into the semester in response to outbreaks.2 In addition to the question of how to best keep students, faculty, and the nation at large as safe as possible, colleges and universities will also have to assess how to most efficiently continue educating students from a distance. In the hustle and bustle of trying to coordinate the student body and faculty, security concerns may be pushed to the back burner in an effort to optimize ease of use and functionality as quickly as possible.

Stay Secure

With the aforementioned risks associated with remote work compounded with a hurried response, it is important that security remains a number one priority. Regarding operational risk throughout this crisis (as mentioned in my last article, "Operational Risk Revisited in the Wake of COVID-19"), simple security best practices—such as the use of virtual private networks, multifactor authentication, avoiding public Wi-Fi, securing endpoints, strong passwords, email encryption, updating software when necessary, and using only approved technologies and devices while working remotely—help institutions to remain secure while also providing students with an effective distance learning program.

Regularly communicating these practices to employees and students is critical, even when in-person learning ultimately resumes, and training in phishing attacks and social engineering helps to bolster the always important "human element" of security.

Conclusion

Within organizational settings, I have frequently commented on the need to develop strong cultures of security with top-down management support and education. Home environments require the same sort of commitment. From creating positive distance learning environments to continuing to work and communicate remotely within our organizations, it should always be conveyed to employees, educators, and students that security is a universal responsibility.

Once a true return to normalcy has occurred, having practice in remote work security policies and procedures will remain beneficial and applicable within our physical workspaces.

1 Doug Olenick, "As Classes Resume, Schools Face Ransomware Risk," BankInfo Security, August 26, 2020.

2 Anne Flaherty, "Thousands of Students, Staff Sent Home Nationwide as COVID Snarls School Reopenings," ABC News, August 14, 2020.


Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Like This Article?

IRMI Update

Dive into thought-provoking industry commentary every other week, including links to free articles from industry experts. Discover practical risk management tips, insight on important case law and be the first to receive important news regarding IRMI products and events.

Learn More