Editor's Note: This article was originally published on The EvoLLLution.
As a global pandemic forces university campuses to shut down, faculty around the world are doing their best to create academic continuity for students by moving their classes online. Many of those same faculty members have also been instructed to teach from home, making them prime targets for cyberattacks.
In the rush to move to the Internet, the higher education community must be wary not to overlook basic security best practices. Taking cybersecurity measures is not just about protecting an individual faculty member or student; it’s about protecting the university system. To the casual observer, it might not seem like a big deal if someone hacks a professor’s computer to find copies of student essays. But that professor’s computer is potentially an access point to much more at the university itself.
Universities are increasingly a target of cybersecurity attacks, from espionage to accessing proprietary research or ransomware attacks that risk draining an institution’s bank accounts. Universities can also be targeted for their vast computing power, which an adversary might use to attack a different target unrelated to the university.
For colleges and universities offering online education programs, one of the most important responsibilities they have is putting the necessary privacy and security measures in place. In the race to bring courses online, I recommend that instructors take the following steps to protect themselves, their students, and their institutions from malicious actors looking to take advantage of a chaotic global environment.
The first step is to set up a fast and secure Internet connection at home.
First of all, change the password to your home wifi network. This is something you should be doing every few months anyway. Also, consider changing your wifi router’s password if it was never changed from the default password it came with. You would never leave the default password set on your computer, right? The same should go for anything else. While you’re working with your router, make sure there are no large metal objects in the signal’s path to where you generally work to ensure the strongest connection.
Make sure you have these security tools installed.
Think of the information stored on your computer as the crown jewels requiring multiple guards to protect all of the entrances to the vault. All of the following tools are important to use together because they are each responsible for guarding different doors a hacker could open/use to infiltrate your system:
- VPNs: many universities will provide faculty with a VPN (virtual private network). If you have access to a VPN through your institution, make sure you have it activated. It’s an important step to ensuring a secure Internet connection that not only encrypts your traffic but can also deter some attacks.
- Encryption software: you can encrypt the content stored on your computer using BitLocker for Windows or FileVault for Mac. That way, if someone gets physical access to your computer, they can’t steal your data while the computer is locked or asleep.
- Password tools: one of the most common ways hackers access private information is by getting access to account login information from black market databases. Make sure all of your accounts are secure by using long, unique for every account. You can manage these passwords with tools like OneLogin and LastPass. In addition to strong passwords, you should also always turn on two-factor authentication if available. A great storage tool for multiple two-factor authentication credentials is Authy.
Protect yourself against the most common hacker strategy: phishing.
Phishing is when a hacker emails a target under a fake guise to trick them into doing something. The hacker’s goal could be to access anything from your credit card information to your username and password for your institution’s LMS. A common way that adversaries can get an end-user to unknowingly install malicious software is by getting them to download a file from an email. Be careful with what you download, and only open files you are expecting.
Phishing emails are currently being disguised in relation to the coronavirus. Hackers are taking advantage of the pandemic by misleading people with fake emails from the CDC or maps of areas infected with coronavirus that install malware. For a university professor, a phishing email could take the pose as a student inquiry. The easiest way to tell if an email is fake is by examining the sender’s email address and seeing if you recognize it. As a precautionary measure, ask your students to only send emails from their student email addresses.
Don’t forget about the security of your home office.
Now that you potentially have more sensitive physical documents to keep track of at home, store them in a secure place where they can’t easily be picked up by an intruder. Physical attacks that provide intruders with critical information can be the beginning of a digital attack.
As an instructor now teaching dozens, maybe hundreds, of students via video from your home office, think about how to protect your privacy not just against malicious hackers but also curious students. If you don’t want them appearing on your doorstep, ensure the view from your computer camera doesn’t show anything identifying the location of where you live. While students could look up your address through other resources, it’s about limiting what we call “the attack surface.” It’s also recommended to cover the webcam on your computer when not in use with a piece of tape or paper. Some viruses that can be downloaded onto your computer are capable of accessing the camera even when it is not in use.
Even the most prepared faculty member should learn to recognize the signs of a successful cyberattack, which are often subtle.
Look out for computer behavior that is inexplicably disconnected from your own actions including a significantly slower connection than usual, web advertisements targeted to you in foreign languages, unsolicited software installs, movement of files on your desktop, or a floating mouse. If you are suspicious that an attack may have occurred, contact a professional at your institution immediately. Turn off the wifi connection on your computer, but keep the computer itself turned on. This helps preserve any evidence on your computer so that your IT team can more easily trace the source of the problem and possibly the attack.
Putting proper security measures in place is more important than ever during this period of heightened vulnerability. For every step that an instructor takes, the less likely an attacker is to persist in getting access to information that could result in a significant amount of added stress and destruction during an already challenging time in the lives of everyone on campus who stands to be impacted by a cyberattack.
Learn more about us.
At 2U, we’re on a mission—to eliminate the back row in higher education and help universities thrive in the digital age. To learn more about who we are and what we do, follow the links below.