Security tips for schools providing remote network access to students & teachers


Security tips for schools providing remote network access to students & teachers

Home schooling has become a mainstay of life since the COVID-19 pandemic spread across the world. For some schools, remote studying only comes into play during snap lockdowns which, in some cases, have become prolonged. For many higher education providers, taking classes from home has become the norm. So, securing school networks from increased threat of cyber attacks and protecting students should be a high priority.  

To do so safely, without exposing their networks and home schoolers to cyber risks, schools should follow certain best practices to make sure digital assets are just as secure as they would be on campus.

Unfortunately, cyber criminals have already started to take advantage of the pandemic. From the malware-infected Coronavirus heat map, to the phishing emails aimed at taking advantage of fearful Australians looking for answers, criminals are actively trying to capitalise on vulnerabilities during this challenging time.

The risks of home schooling

Home schooling, for a portion of the nation's students, has always been a valid option. However, the current scale of remote education is unprecedented. According to some figures, previously home school numbers were around 30,000.  This meant schools that enrolled distance students could manage security risks with relative ease.

However, under the current situation, when a city or state's entire student population are suddenly relying on online tools at extremely short notice, it is very difficult for schools to prepare and adapt.

Every time a student logs onto the school network, the IT team has to monitor and secure that student’s device. When you have thousands of students logging on from different locations, this becomes an impossible task.

(What is malware and what does it do?)

Another challenge schools and teachers face is that students tend to be less alert and easily distracted at home.

There can be a lot of distractions for students when trying to study from home during a lockdown.

Especially during this chaotic time, many students are mixing schoolwork with other activities such as web browsing, playing games, or chatting with friends while using personal devices to do schoolwork. Engaging in these activities on school devices increases their chance of exposure to phishing emails and fake websites.

Adding to the problem is home networks typically are less secure and more vulnerable to phishing attacks.

What schools can do to minimise cyber risks

Despite the challenges, this is the optimum moment to take stock of your school’s security infrastructure for remote learning to avoid a serious security breach.

School communities working and learning at home can follow these practical security steps to protect their school networks:

1. Use a reliable virtual private network (VPN)

By providing a VPN service to all staff and students where necessary, their online activities are the same as if they were sitting at school, the secured network. All traffic is encrypted and protected by the school’s local network security measures.

However, it’s important to recognise that not all VPN services are created the same. Some only encrypt the data in transfer, but not application data. Others collect data to sell to third parties. Therefore, it’s important to do your research in choosing a reliable VPN service.

2. Provide phishing training to staff and students

Good email practices are critical to securing a school's network.

Phishing is a key contributor to cyber security breaches, according to this COVID-19 alert from the Australian Cyber Security Centre. Given the number of Coronavirus and vaccine-themed emails currently out in the wild, now is a good time to circulate training on good email hygiene best practices to warn staff and students of possible scams.

  • Always check that you trust the source of the email – check the spelling of names and websites to make sure they are legitimate
  • Be wary of emails coming from health organisations as there are a lot of spoof domains
  • Do not download attachments unless from a trusted source
  • Always question the wording of emails before clicking anything

3. Avoid sharing resources for work/learning and personal use

For students with school devices, it is best practice not to share your device across users. Additionally, it's not a good idea to access or download non-school applications from these devices. Doing this increases the chances of malware or other malicious code entering the school's network.

4. Install cyber security tools such as firewall and AV on home networks

Communicate with parents to educate them on installing or updating their cyber security measures on the home network. This includes firewalls as a first line defence to prevent threats entering and a good antivirus software that can act as the next line of defence by detecting and blocking known malware.

It’s also important to update and patch all apps and browsers and ensure they are on auto update to prevent cyber criminals exploiting known security vulnerabilities.

Encouraging parents to upgrade their routers at home to modern devices with additional cyber security controls could also prove valuable.

5. Educate students on good password hygiene

It’s as important as ever to ensure that all accounts are protected with strong passwords. Unfortunately, many people still use the same password across multiple accounts. This means criminals can take over all accounts by having access to just one password.

(5 tips for better password security)

Passwords should always be a long string of upper- and lower-case letters, numbers, and special characters. Using a good password manager is important to create, remember, and autofill passwords.

As a resource to help families easily remember cyber security steps at home, we have created an Online Safety Checklist that can be printed and placed near the family computer for quick reference, available for download here.

What to read next:

Not all web filters are created equal
How smarter networks ensured students kept learning through COVID-19
Why our post-pandemic work-from-anywhere world is driving businesses to SASE