Cybersecurity is essential as more school employees work remotely due to the COVID-19 coronavirus. Teleworking and distance learning come with the added responsibility of taking the appropriate steps to protect school data while connected online. Teachers and school administrators can protect their school's network and colleagues by following these tips from the National Cybersecurity Alliance.
- Know the school's telework policies. This includes when and where it is acceptable to work away from school, as well as security measures and best practices.
- Use only devices approved by the school. Avoid working on personal computers, tablets and cellphones – and on devices shared with others.
- Use VPN when necessary. Virtual private networks, which provide secure direct connections to the school's computer network, might be necessary to access files, work with sensitive information or use certain websites. If a device isn't set up for a VPN, contact the school's IT help desk to see if it's available.
- Update routers' software. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase.
- Think before clicking. Avoid downloading or clicking on unknown links in emails. Call the sender before clicking. Hackers often use fake websites to trick targets into giving sensitive information or installing malware on their device.
- Guard devices. If the school allows employees to work from places other than home, never leave a laptop, tablet or cellphone – including any USB and external storage devices – unattended. Avoid entering passwords where others can see.
- Create strong passwords. Be sure passwords include a mix of upper and lowercase letters, numbers and symbols. Make them difficult enough that someone can't guess them.
- Don't share passwords online. If it's necessary to share log-in information with a coworker, call them instead of sending it via email, text or instant message.
- Use two-factor authentication. Two-factor authentication, although sometimes inconvenient, provides an extra layer of security to keep hackers from accessing accounts.
- Encrypt email. Some data and information might need to be encrypted before sending it electronically. This might include information that would otherwise be shared in a conversation at the office.
- Update devices. When using a personal device approved for teleworking, be sure that it's running the most current operating system and that the web browser and other applications are up to date. Run up-to-date, modern anti-virus software. Updates include important changes that improve the performance and security of devices.
- Contact the IT help desk. When needing technical support, contact the school's IT department. Don't try to fix technical issues.
For School Administrators
As schools explore various teleworking and virtual learning solutions, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency recommends examining the security of IT systems by taking the following steps.
- Secure systems that enable remote access. Take the following steps:
1. Ensure that virtual private networks and other remote access systems are fully patched.
2. Enhance system monitoring to receive early detection and alerts on abnormal activity.
3. Implement multi-factor authentication.
4. Ensure that all machines have properly configured firewalls as anti-malware and intrusion prevention software installed.
- Test remote access solutions' capacity. If needed, increase their capacity.
- Keep plans up to date. Check the relevance of continuity of operations and business continuity plans
- Support remote workers. Share IT support mechanisms with employees working from home.
- Update incident response plans. Make sure that they address workforce changes in a distributed environment.
(Source: National Cybersecurity Alliance)