As institutions pivoted to online learning this spring, what worked well and what didn’t?
Students and educators had to adjust behaviors, and they had zero time to adapt to that. What worked well is that learning continued and students could work at their own pace. Educators kept the education process going. That alone is a win. However, a lot did not go well. For example, many students suffering from structural inequalities had no homes to go to; some were unable to get there; and some returned to faraway places with time zone changes that made live learning difficult or impossible. Many had no home internet access or access to devices. Closing campuses without comprehensive contingency plans caused tremendous disruption, and we can’t allow that to continue. Of course, no one could have — or even should have — planned for an unlikely pandemic. There’s no blame to place on anyone, but we can learn from it. And that time is now.
What did the pivot look like from a security perspective?
Attacks on conferencing platforms were highly publicized. Educators often choose a platform that is free and easy, but those technologies can lack vital security and privacy controls. That’s why people were able to hack into online classrooms and inject hate speech and other terrible material. Verifying user identity has been another challenge. Students are provided a username and password, but how do you know who is actually using it? We’ve heard for years that identity is the new perimeter, but authentication still relies too much on password-based credentials. The shift to multi-factor authentication must happen now. As students and educators are spending even more time online, and on networks that lack security protections, it’s tempting for attackers to target and exploit their devices.
As educators look toward continued online and hybrid learning experiences in the fall, what best practices are emerging?
We should start thinking about education the way we think about critical infrastructure in this country. According to DHS/CISA, critical infrastructure sectors include health care, energy and transportation — but higher education is vital for the future of our nation and the American people. Nothing should disrupt education, not even a pandemic, just like we couldn’t live without power or water. Let’s plan for 100 percent uptime in education. I would recommend that institutions follow a best practices approach to cybersecurity. The NIST Cybersecurity Framework (nist.gov/cyberframework) was designed for critical infrastructure sectors, and it’s a simple and easy way to improve any cybersecurity program. It includes key outcomes like multi-factor authentication, malware detection, web/email content filtering and remote access management that I’d specifically recommend for higher education.
Any final advice for technology leaders?
Cybersecurity has gotten much simpler in recent years, and the cloud makes it possible. We don’t always have to buy boxes to install in our own datacenters anymore, and different technologies can work together now. It’s much easier to manage. For example, Duo MFA (duo.com/mfa) is cloud-based, making multifactor authentication incredibly easy. Deployment is a snap; the mobile app is simple; and it validates identities in seconds. And the Cisco SecureX platform (cisco.com/go/securex), also cloud-based, enables integration and automation, making your security team more effective. These are just two examples of many. So my final piece of advice is this: You can do more than you ever thought possible. And Cisco can help.