Due to the COVID-19 pandemic, your university or college has most likely had to shift to virtual operations. Running an institution of higher learning online has its advantages and disadvantages. It reduces “brick and mortar” costs like utilities, keeps employees and students safe, and allows classes to continue even while people are self-quarantining.
But there are also some disadvantages to shifting your school’s operations online. Your students may have trouble accessing or engaging with online classes, and you could see a drop in productivity in your employees. However, the most significant disadvantage is that your institute of higher learning is opening itself up to cyber attacks.
Security Risks of Virtual Operations for Schools
There are three primary risks that institutes of higher education are vulnerable to when switching to virtual classrooms: phishing, bad updating hygiene, and 3rd party attacks.
According to Verizon Enterprises’ annual Data Breach Investigations Report (DBIR), phishing represents 93% of all online security breaches investigated. Phishing is one of the oldest scams in the internet age, and it involves a scammer sending a fraudulent email in an attempt to have the user download a malicious file or click on a link. This means that your biggest security risk is your own employees and students who could open a phishing email without even knowing it.
Software providers and computer manufacturers are aware of the security risks associated with virtual operations and often release patches and updates that help guard against the latest known cyber attacks. But their efforts are futile unless they are applied in a timely manner. Many users do not update their software and systems regularly, and thereby miss out on the added protection.
The final major risk is a 3rd party attack. This occurs when your virtual systems are infiltrated by hackers through a 3rd party provider or partner who has permission and access to your data. These partners can be attacked and your data will be at risk.
What Can Universities as Institutions Do?
Luckily, there are ways you can protect your institution and employees from malicious cyber attacks.
To help prevent security breaches caused by phishing, empower your employees and students to interrogate unusual emails and to be cautious when clicking on links and downloading attachments from unfamiliar emails. There are also phishing filters users can add to their internet browser or email application to help identify malicious messages.
A simple way to protect yourself from cyber attacks is to implement a patching and update schedule for employees and students alike. Patches should be installed as soon as they are available, and you can check for new updates every 2-3 weeks. Vancord emphasizes security fundamentals which is why patching is so important. Patching is one of the easiest, yet often neglected ways to provide operating system and application protections.
Establishing Virtual Information Security Office (vISOs)
You can also establish a Virtual Information Security Office (vISO) to help transition students, faculty, and staff to your newly digital operations. Using communication technologies or social media, a vISO can provide support to users who are struggling with the transition or who fear they may be vulnerable to cyber attack. By empowering users to utilize the vISO's knowledge, you can create a safer cyber environment.
Many schools were forced to transition to virtual operations very quickly during this COVID-19 pandemic. Even though this process was often not voluntary, it could be a boon for your institution. National collegial trends are shifting towards online learning, and it can be an excellent way to reduce costs while providing more people access to education. Now is the time to make investments for the future of your institution, while simultaneously ensuring that your operations are safe and secure.
Click here to sign up for a FREE consultation with our expert higher education cybersecurity team.