The education landscape has continued to thrive following the aftermath of the COVID-19 pandemic. While stay-at-home orders have been lifted, education has maintained a digital component through online classes and remote-learning technology. Although online education has many benefits, it brings the concern of security breaches. To continue keeping student information secure, education leaders must adapt alongside the changes in technology. EDUCAUSE is a nonprofit association that provides a community for technology, academic, industry and campus leaders to collaborate and build together. The annual EDUCAUSE conference hosted several sessions that showcased ways to keep students engaged and secure in the new age of education.
Educational Institutions as a Hot Target for Cybercriminals
Cybersecurity deserves consistent attention within the education sector. While schools may be compliant with security standards, they can still be vulnerable. Higher education institutions are top targets as they connect thousands of staff, students and faculty members under one system.
There are several strategies IT professionals recommend that can help education systems defend against breaches:
- Keep operating systems and software up to date
- Employ multi-factor authentication
- Maintain robust user training
- Implement encryption
- Create cloud back-ups for information
- Maintain efficient detection and monitoring systems
- Implement a quick incident response plan
- Utilize external and cloud data storage
By following these steps, institutions can take the initiative toward deploying security measures for staff and students alike.
Robust Cybersecurity on a Budget
Since many academic institutions still face budget constraints due to COVID-19, their cyber posture may not be their first IT priority. To enhance cybersecurity, even on a budget, institutions should:
Know their external footprint: Through the employment of third-party devices that scan the internet for web service protocol solutions, agencies can see how much of their information is public.
Identify external login flaws: Since hackers can circumvent simple tools like automatic lockout policies, agencies should identify all login portals and check major input fields for automated controls.
Identify cloud security flaws: Agencies should switch to a multi-platformed and open-sourced cloud, since it enables security posture assessments and detection of security risks.
Implement phishing education and exercises: Phishing is one of the most common ways organizations are compromised. Institutions should ensure that all employees are educated on anti-phishing policies.
Clean up network share permissions and information: By utilizing credential scans, sensitive information can be restricted to the proper personnel. Implementing a zero trust framework ensures that each user will only gain the information that they are authorized to.
Limit the success of kerberoasting: Kerberoasting leverages the functionality of service principles to encrypt user’s passwords, which can later be retrieved offline for hacking. While it is impossible to completely prevent kerberoasting, agencies that implement detection capabilities limit the exposure and effectiveness of kerberoasting.
Prevent relay attacks: Software should avoid authentication systems that can be relayed or cracked. Responder tools can be used to analyze traffic and point out vulnerabilities.
Identify active directory misconfigurations: As active directory environments mature, built up misconfigurations can cause excessive access privileges. To prevent these being misused by bad actors, institutions should implement tools that check for vulnerable certificates.
Strengthen password security: Agencies should ban easy to guess passwords, enable multi factor authentication and disable old accounts.
Avoid flat networks and lack of network segmentation: Access should be limited to those that need to know; student and faculty accounts should reside on different domains.
Fostering a Sense of Belonging for Online Students
By meeting students where they are comfortable, educational institutions can readily share information. For example, since students are familiar with their phones, when universities utilize phone apps it can help provide a unified, digital experience for higher education students to reduce complexity, fuel career readiness and stoke student success. When creating an app for an institution, some helpful features to include are:
- Tailored experiences with custom events depending on the user
- Information unique to students, such as a marketplace to buy and sell goods like dormitory furniture or textbooks
- IT toolkits
- Self-assessment tools for COVID-19 or the flu
- Campus features such as desk or study center reservations, transit routes, dining schedule or university maps
- In-app messaging that can be directed to groups, such as students or faculty or personal messages
- Feedback surveys to inspire improvement
Higher Education’s Top IT Issues for 2023
As students have become accustomed to hybrid and virtual learning, their expectations for new and elevated digital experiences have increased. There are many ways to achieve this modernization, but it requires intentional effort and technology updates from education administrators. Challenges to consider when implementing technology into learning are to:
- Ensure IT has a “seat at the table” so they can weigh in on decisions
- Ensure privacy and cybersecurity by training students and faculty to avoid scams, shift to data minimization, address cloud migration risks and leverage contracts with cybersecurity experts and investments
- Adapt to students’ interests and products familiar to them
- Create a seamless and enriching student experience
- Utilize student data to update technology to better empower students
- Pursue next-generation IT support to expand and reimagine digital campus abilities
Promoting Independence Through IT
A school’s duty is to prepare students for their futures in the workforce. Oftentimes, many careers require extensive knowledge of an array of technologies. Students should show proficiency in these areas to take advantage of more opportunities in various fields. By implementing technology into everyday use, educational institutions can promote confidence in technology, problem-solving skills, time management skills and collaboration between peers.
Diversity, equity and inclusion are also vital to university standards from both a legal and moral lens. IT intersects with diversity to make enrollment and education accessible to all by analyzing existing data to revamp hiring rubrics or utilizing cross-team conferences to create inclusive policies. With these inclusions, schools can emphasize transparency and accountability.
The pandemic revealed the importance of campus communication systems expanding beyond traditional parameters. Education departments had to shift to a remote work environment that a traditional phone system could not easily support. Universities should leverage communications software to reduce costs, provide additional flexible phone capabilities and accommodate all students regardless of where they live.
Through the inclusion of technology, educational institutions can reach new heights in their accessibility and connection with students. By enhancing security and offered digital features, educators can prepare students for an ever-changing workforce.
To learn more about utilizing IT for education initiatives, visit Carahsoft’s EDUCAUSE resource hub to schedule a meeting and speak to a representative today.
*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at EDUCAUSE 2022.*