The Center for Digital Education recently spoke with Steve Caimi, Cisco public sector cybersecurity specialist, about lessons learned and best practices as institutions look to hybrid and online learning environments in the fall and beyond.
Students and educators had to adjust behaviors, and they had zero time to adapt to that. What worked well is that learning continued and students could work at their own pace. Educators kept the education process going. That alone is a win. However, a lot did not go well. For example, many students suffering from structural inequalities had no homes to go to; some were unable to get there; and some returned to faraway places with time zone changes that made live learning difficult or impossible. Many had no home internet access or access to devices. Closing campuses without comprehensive contingency plans caused tremendous disruption, and we can’t allow that to continue. Of course, no one could have — or even should have — planned for an unlikely pandemic. There’s no blame to place on anyone, but we can learn from it. And that time is now.
Attacks on conferencing platforms were highly publicized. Educators often choose a platform that is free and easy, but those technologies can lack vital security and privacy controls. That’s why people were able to hack into online classrooms and inject hate speech and other terrible material. Verifying user identity has been another challenge. Students are provided a username and password, but how do you know who is actually using it? We’ve heard for years that identity is the new perimeter, but authentication still relies too much on password-based credentials. The shift to multi-factor authentication must happen now. As students and educators are spending even more time online, and on networks that lack security protections, it’s tempting for attackers to target and exploit their devices.
We should start thinking about education the way we think about critical infrastructure in this country. According to DHS/CISA, critical infrastructure sectors include health care, energy and transportation — but higher education is vital for the future of our nation and the American people. Nothing should disrupt education, not even a pandemic, just like we couldn’t live without power or water. Let’s plan for 100 percent uptime in education. I would recommend that institutions follow a best practices approach to cybersecurity. The NIST Cybersecurity Framework (nist.gov/cyberframework) was designed for critical infrastructure sectors, and it’s a simple and easy way to improve any cybersecurity program. It includes key outcomes like multi-factor authentication, malware detection, web/email content filtering and remote access management that I’d specifically recommend for higher education.
Cybersecurity has gotten much simpler in recent years, and the cloud makes it possible. We don’t always have to buy boxes to install in our own datacenters anymore, and different technologies can work together now. It’s much easier to manage. For example, Duo MFA (duo.com/mfa) is cloud-based, making multifactor authentication incredibly easy. Deployment is a snap; the mobile app is simple; and it validates identities in seconds. And the Cisco SecureX platform (cisco.com/go/securex), also cloud-based, enables integration and automation, making your security team more effective. These are just two examples of many. So my final piece of advice is this: You can do more than you ever thought possible. And Cisco can help.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.