Attacks on conferencing platforms were highly publicized. Educators often choose a platform that is free and easy, but those technologies can lack vital security and privacy controls. That’s why people were able to hack into online classrooms and inject hate speech and other terrible material. Verifying user identity has been another challenge. Students are provided a username and password, but how do you know who is actually using it? We’ve heard for years that identity is the new perimeter, but authentication still relies too much on password-based credentials. The shift to multi-factor authentication must happen now. As students and educators are spending even more time online, and on networks that lack security protections, it’s tempting for attackers to target and exploit their devices.
We should start thinking about education the way we think about critical infrastructure in this country. According to DHS/CISA, critical infrastructure sectors include health care, energy and transportation — but higher education is vital for the future of our nation and the American people. Nothing should disrupt education, not even a pandemic, just like we couldn’t live without power or water. Let’s plan for 100 percent uptime in education. I would recommend that institutions follow a best practices approach to cybersecurity. The NIST Cybersecurity Framework (nist.gov/cyberframework) was designed for critical infrastructure sectors, and it’s a simple and easy way to improve any cybersecurity program. It includes key outcomes like multi-factor authentication, malware detection, web/email content filtering and remote access management that I’d specifically recommend for higher education.
Cybersecurity has gotten much simpler in recent years, and the cloud makes it possible. We don’t always have to buy boxes to install in our own datacenters anymore, and different technologies can work together now. It’s much easier to manage. For example, Duo MFA (duo.com/mfa) is cloud-based, making multifactor authentication incredibly easy. Deployment is a snap; the mobile app is simple; and it validates identities in seconds. And the Cisco SecureX platform (cisco.com/go/securex), also cloud-based, enables integration and automation, making your security team more effective. These are just two examples of many. So my final piece of advice is this: You can do more than you ever thought possible. And Cisco can help.