As the school year wrapped in May and June, higher education administrators immediately began re-entry planning for the 2020-2021 academic period, amid the COVID-19 pandemic increasing in severity across the U.S. As some schools re-open, certain regions are seeing declining infections, yet a handful of states are experiencing spikes in cases and revisiting or even rolling back re-opening plans.
With more than 6,600 cases linked to colleges nationwide, significant risk remains around returning to campus. This, of course, is making distance learning a very real possibility for many students. Harvard, University of Washington, Princeton, and Rutgers are expected to be mostly or fully remote, for example, while schools like Carnegie Mellon University, University of Michigan, and the California Institute of Technology will pursue a combination of remote and in-person coursework.
Unfortunately, the pandemic has led to cybercrime quadrupling, as schools and businesses shift and adjust to remote models. But for cyberattackers, it’s just another day at the office, and they are out to exploit uncertainty and catch any person or organization off-guard that isn't prepared.
These major changes impact students’ school experiences and remote employees’ productivity. Security professionals can incorporate a few simple items to make the remote experience safer, more secure and more productive. Here’s the “shopping list” that should be on every CSOs desk right now, and translates across higher education institutions, corporations and more.
Webcam covers
Video calls are becoming a social, work and learning norm, so webcams are being used more than ever. Unfortunately, even if you click out of a video/photo application, your camera could still be running. Though it sounds like an episode of Black Mirror, malware that enables hackers to take over computer cameras and watch what’s happening from afar has been around for decades. It’s known as ‘camfecting.’
While there are high-tech ways to detect and prevent it, the simplest way to guard against this is to use a webcam cover that you can slide back over your camera when your calls are done. In this case, it’s better safe than sorry. Be sure employees have access to webcam covers and educate them on when/how to use it.
Antivirus and mobile security software
Anti-virus/anti-malware software is definitely a worthwhile purchase for employees working and researching on their home WiFi. There are some free versions from popular vendors, but particularly for organizations, it important to pay for a subscription for that extra layer of protection.
Investing in a mobile security solution should also be considered, as mobile devices often replace the traditional workstation or laptop for remote employees. These packages can even scan the WiFi system the device is connected to, to ensure that it has not been tampered with.
In addition, don’t forget to patch any software — and encourage employees to update computer and phone as soon as the notification pops up. This can help protect systems across the enterprise as well.
Data backup
For many organizations, it’s essential to keep work accessible at all times. Some organizations may provide a cloud storage account to employees. In addition to saving space and making files available across multiple devices, cloud storage services can also be an additional security buffer, in case a laptop or tablet does get hacked, lost, or stolen. And they auto-save frequently, so no more lost work due to not hitting Control-S.
In addition, it’s a good idea to educate employees on turning on auto-sync features to help replicate files between the hard drive and the cloud, though this runs the risk of using up local storage space quickly. Providing an external hard drive is a quick-fix option if the device’s storage is already tight.
Multi-factor authentication
With sensitive documents and work residing in these cloud accounts, it’s also essential to implement multi-factor authentication (MFA) wherever possible. This approach requires an extra step to verify an identity beyond a username and password using something the user knows (such as a text code), something they have (such as a smartphone), or something they are (such as a face or fingerprint scan). This should be a default requirement for all storage accounts.
Password manager
Finally, with multiple logins to remote learning applications, video conferencing tools, email, storage accounts and more, a password manager is an easy way to ensure employees are using complex passwords. Many tools create lengthy, unique passwords for each site and store them securely so you don’t have to keep a bunch of random letters, numbers and symbols in your head (or worse, on a sheet of paper or post-it notes) at all times. Some solutions will also advise the user if one of the passwords has potentially been compromised in a data breach and prompt them to change it immediately.
According to a recent survey by Google, 52% of respondents admitted that they use one "favorite" password repeatedly for multiple accounts. Thus, by using a password manager, you can protect employees and the organization against credential stuffing attacks, in which hackers take login details pulled from previously breached websites to log into users’ accounts on other, unaffected sites. It also helps prevent brute force attacks, where bad actors try to guess passwords using known patterns and details about the person.
While higher education institutions and organizations are responsible for vetting the security of the applications they choose for their enterprise, these simple hacks, coupled with educating the employees on how to use them, can make remote work transitioning safer and smoother now and in the future.