Remote learning: Cybersecurity and compliance in the COVID-19 age

Reducing the risk of viruses and cyberattacks is key
Richard Quinones is senior vice president at iboss.
Richard Quinones is senior vice president at iboss.

The COVID-19 outbreak has forever changed the world as we know it. Every industry, including education, has had to adapt to a rapidly changing reality.

Today’s technology allows us to better adapt. The increasing availability of apps, such as Zoom and Google Hangouts, has given employees the opportunity to work from home, but more important, it has given students the chance to learn from home.

And while remote learning may be a much larger part of students’ and schools’ curriculum in the near future, its application today is still in its relative infancy. As a result of the coronavirus, which has impacted at least 124,000 U.S. public and private schools to date, millions of students have been thrust into remote learning situations.

Students who have spent their lives in classrooms interacting face to face with their teachers now have to adapt to a virtual format. This has left many educators concerned about the long-term impact remote learning may have on students, and the inevitable question that comes to mind is: Will students’ education suffer?

Read: Why smartphones can’t fill the access gap in online learning

Maintaining secure connections

But another immediate, pressing matter that few have touched upon is how to secure student connections to the internet and thus their data and school system data while they work remotely during school closures. As schools implement districtwide and statewide remote learning, entire student and administrator populations are now using personal and public internet networks, which are not always secure, and this greatly increases the risk of individuals accidentally picking up viruses or being the target of cyberattacks such as ransomware.

Today’s situation does serve as a wake-up call for schools and districts that do not have the proper cybersecurity measures in place.

Ransomware, which locks operating systems until attackers receive payment from victims, was once originally aimed at corporations. However, we have seen a spike in attacks against government bodies and education systems in recent years. Among the most notable recent attacks against educational institutions include a cyberattack that hit three public school districts in Louisiana, a ransomware attack that hit Rockville Centre School District in New York, and a ransomware attack that infected thousands of servers and devices in Las Cruces Public Schools in New Mexico.

These attacks have led to communications disruptions, enormous losses of taxpayer money, and frustrated citizens. Ransomware attacks have also made media headlines due to the incredibly high dollar amounts that hackers have been demanding.

According to a report released recently by the K-12 Cybersecurity Resource Center of Arlington, Virginia, there were 348 publicly disclosed school cyber incidents in 2019, including malware outbreaks, phishing attacks, denial of service attacks and more. That’s almost three times the number of similar incidents registered during 2018, and the spike is almost certainly related to schools’ greater reliance on technology.

Ensuring compliance

As it stands, many schools across the country are relying on cybersecurity platforms that run in school building data centers and that don’t have the required hardware and bandwidth to protect devices accessing the internet in remote locations. Others are relying on existing firewalls, which offer a limited level of content filtering. Neither of these measures ensures that districts are adhering to the Children’s Internet Protection Act (CIPA) for the hundreds of thousands of devices a district may never intended on sending home in the first place.

Read: Updated: 105 free K-12 resources during coronavirus pandemic

Even more troubling is the fact that if a district is not CIPA compliant, it is in jeopardy of losing hundreds of thousands, if not millions, of discount dollars through the federal E-rate program, which allows districts to receive federal discounts and relief to pay for internet broadband services.

In truth, the blame should not lie with schools alone. School districts often have limited budgets, and the money intended for cybersecurity is not enough to prepare them for a situation as uncommon as the one we’re living with today.

But today’s situation does serve as a wake-up call for schools and districts that do not have the proper cybersecurity measures in place. We have been pushed into a new dimension of the digital age, and the good news is that cloud cybersecurity providers are ahead of the curve and are able to secure networks and data regardless of the access point.

Today’s unprecedented circumstances have put school districts under immense pressure, and at the forefront of every administrator’s mind as we adapt to the new normal should be three key topics: preventing learning loss, maintaining strong cybersecurity and ensuring compliance.

Richard Quinones is senior vice president at iboss.

DA’s coronavirus page offers complete coverage of the impacts on K-12.

Most Popular