Friday, June 5, 2020

Securing The New Norm In Distance Learning

Securing The New Norm In Distance Learning

Spotlight

Coming Home: EDC Ensures Safe Return Of Employees Stranded Due To COVID-19 Pandemic

EDC sends stranded employees home after being stranded for 70 days due to COVID-19 pandemic.

Diversified Business Portfolio Key To Phoenix’s Resiliency During COVID-19 Pandemic

Phoenix continues to reap rewards by being able to survive and even emerge profitable despite the challenges of this unexpected public health crisis.

Phoenix Displays Resiliency Amid COVID-19 Challenges

Despite the challenges brought by COVID-19, Phoenix Petroleum remains intact as it beats competitors in terms of performance during the first quarter of 2020.

DOTr Sec. Tugade: Domestic Air Travel Allowed In Areas Under GCQ With LGU Approval

Department of Transportation (DOTr) Secretary Arthur Tugade said that domestic commercial operations in areas covered by the GCQ are now allowed to resume.

Over the past few months, educational institutions around the world – from elementary schools to colleges and universities – have been forced to embrace distance learning. It’s now estimated that 70% of students are currently doing some form of online education.

For many of these institutions, this digital transformation to distance learning was thrust upon them—regardless of whether they were ready or not. Schools are scrambling to not only build the content for their courses but also to build the distance learning infrastructure needed to ensure all of their faculty and students have remote access to this content. The challenge they face is how to do this at scale and do it securely?

Unfortunately, malicious actors and cybercriminals are fully aware that for many organizations, these are uncharted waters. Educational institutions have long been a target by adversaries. According to the 2019 Verizon Data Breach Report, education continues to be plagued by human errors, social engineering, and denial of service attacks. And these changes only compound these challenges.

The movement to distance learning has created additional risk for institutions and created potential opportunities for the adversary. These criminals are more motivated than ever to steal financial information, intellectual property, or simply be disruptive.

Securing the Learning Environment

There are several simple steps every educational institution needs to consider implementing if they desire to set up and maintain an effective distance learning environment while keeping their cyber adversaries at bay. These include:

• Provide Strong Authentication

With advancements in hardware processing power, cracking passwords can be done in a matter of seconds. Which is part of the reason why there is a ton of stolen credentials for sale on the dark web, with more being added every day. It is essential, therefore, to enforce strong password policies (i.e., complexity, length, and expiration), enforce account lockout after failed attempts to prevent password guessing, and leverage multi-factor authentication where possible to prevent the misuse of stolen passwords.

• Protect Web Applications

Next to stealing credentials, exploiting vulnerabilities in applications is the easiest way for an attacker to breach your network. You must scan external sites for security flaws such as cross-site scripting errors and SQL injections. And it’s equally important to encrypt the traffic between your learning systems and your users, whether faculty, students, or administrators, so information can’t be stolen in transit. In addition, deploying a web application firewall (WAF) can protect web application servers and the infrastructure from attacks and breaches originating from the Internet and external networks.

• Leverage Network Segmentation

Another way to secure your environment is to segment your internet-facing teaching applications from your other internal applications, such as your HR system. This way, if a breach or malware outbreak were to occur, the scope of impact will be limited.

• Manage 3rd Party Risk

The third-party technologies that you use in your online learning environments can pose additional vulnerabilities and risk to your enterprise network. Whether it’s your learning management system or teleconferencing tools, regardless of whether they are hosted in the cloud or on-premise, you need to ensure you perform a thorough security assessment of the vendor and their products before introducing them into your network environment.

Monitor for Malicious or Unusual Activities

Organizations new to implementing distant learning will see a significant increase in devices and external network traffic connecting to their networks. The security staff needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.

Knowledge is power in protecting against adversaries

Similar to how we teach our kids to learn and memorize basic math facts to tackle more complicated math problems, we need to ensure that faculty, students, and staff understand the cybersecurity basics to ensure they remain safe. No online course is complete without having some form of cybersecurity education on the syllabus. At a minimum, faculty, students, and staff should know how to:

• Protect Their Passwords

Ensure individuals use strong passwords that are not obvious, like your birthday, or default passwords provided with devices. Never use the same password on multiple accounts and devices. And never share a password with anyone – even individuals claiming to be on the IT team.

• Keep Their Devices Up To Date

Make sure devices and applications are updated with patches, and that any antivirus/malware software is current and operational.

• Spot Social Engineering Attempts

Everyone should be taught how to spot attempts to steal personal and proprietary information vial email (phishing), texting (smishing), and phone (vishing).

• Be Wary of Public Networks

Many public places, such as cafes, hotels, and airports, offer free internet connections to jump online easily. However, while they are convenient, they may not be secured. In addition, cybercriminals will often spoof these sorts of networks. So it’s essential to check with the establishment to ensure the network is legitimate, and when possible, use a VPN connection to access or transmit data. To that end, it is essential that any distance learning tools – both the front end used by students and the back end used by teachers – support SSL VPN and strong authentication.

As we engage in distance learning, we need to ensure that we practice cyber distancing to protect ourselves from the adversary. Taking control by following these standard security practices is one of the best ways to effectively move us securely into this new distance learning norm.

Photo Source: elements.envato.com

Latest News

“FPJ’s Ang Probinsyano” And Other Favorite Kapamilya Shows Return On TV

Na-miss n'yo ba sina Cardo at ang "It's Showtime" fam? Magbabalik na sila kasama ang iba pang mga Kapamilya teleseryes! ❤

Coming Home: EDC Ensures Safe Return Of Employees Stranded Due To COVID-19 Pandemic

EDC sends stranded employees home after being stranded for 70 days due to COVID-19 pandemic.

Kiddie Show About Social Distancing Airs On Yey This June

Magbabalik sina Sakura Kinomoto at Judie Abbot sa TV screens n'yo! ✨

Pres. Duterte Wants New Team To Release Health Workers’ Compensation

“Now, I am asking Secretary Duque to form a new team that would focus on the immediate delivery of the assistance that should be given to those who were ‘yung namatay tapos ‘yung nagkasakit. And I expect it within 24 hours.”

Dagupan Tests 2K COVID-19 High-Risk Industry Workers

The city government of Dagupan begins the free antibody rapid test for COVID-19 to high-risk industry workers today.

Gov. Pineda: Pampanga’s Quarry Income To Augment Fund VS. COVID-19

Pineda said on Thursday that the income from taxes and fees in quarrying will be put into the provincial government’s general fund to help contain COVID-19.

Tricycles Still Banned On National Highways

Ngayong bawal pa rin ang mga tricycle sa highways, anong mode of transportation mo ngayong GCQ/MGCQ?