The internet and the subsequent online revolution have led to the digitization of almost every aspect of human life; education is no different. Although traditional colleges are still the top choice for most students, it is hard to ignore the growing popularity of online education. Massive Open Online Course (MOOC) platforms, such as Coursera, Udacity and edX, enable users to receive an education for a subsidized price or, in some cases, for free.
The two most important advantages of online learning are flexibility and affordability. Flexibility enables students to access lectures on an on-demand basis, which helps them more easily juggle their family time and responsibilities, jobs and courseloads. The other major draw is the affordability of online learning; online classes are substantially cheaper than those of traditional colleges. The reach of online learning is vast; it allows students (regardless of their background) to receive an education at a reasonable cost. This education indirectly helps them obtain a better standard of living.
However, it is important to note that online learning has disadvantages as well, at least from a cybersecurity perspective. Online classes are more vulnerable to cyberattacks compared to traditional classes, specifically from an endpoint security, privacy and process perspective. Cyberrisk that can jeopardize the safety of online learners includes:
- Malicious software
- Hacking, ransomware and denial of service attacks
- Spoofing, fraud and data theft
- Confidentiality and integrity issues
- Human errors
These issues negatively affect productivity and could also become liabilities to educational institutions, if not curtailed. A major data privacy and security law that governs education-related data incidents is the US Family Educational Rights and Privacy Act (FERPA). It forbids the disclosure of confidential student information (e.g., name, student identification number or Social Security Number) without the student’s or authorized party’s written consent.
In the US, there has been an increase in ransomware attacks targeted at educational institutions. Unfortunately, a lack of funds holds schools back from conducting the required security training. However, some easily implementable steps to help secure the educational infrastructure include:
- Enabling 2 factor authentication (2FA)
- Installing and regularly updating antivirus software
- End user training
- Backing up data
End user training is the most important, and it can be done in a cost-effective manner such as by hosting student competitions where cybersecurity is the theme, conducting hackathons and offering coding classes. This builds a student team for cyberdefense and also increases awareness about science, technology, engineering and mathematics (STEM) careers, primarily those related to computer science.
End user training makes students and faculty aware of social engineering attacks such as phishing or spoofing, which involve psychological manipulation or fooling someone in order to obtain their credentials or access to their sensitive data. End user training also helps schools attain compliance with privacy legislations such as FERPA.
Timely data backups are an important security control and they enable institutions to use the most recent backed-up data to restore business operations in case of a ransomware attack. Other common and effective technical security controls include implementing 2FA to log into the school network and applications as well as requiring all systems to have antivirus software installed (along with regular updates) to ensure that the systems are regularly scanned for any malicious viruses, worms or software that could potentially cause security incidents.
Digitization of education is an exciting opportunity that has enabled more students (regardless of their background) to access high-quality education. However, it is critical that institutions circumvent cybersecurity challenges via proper security controls and training to maximize the benefits of digitized education.
Editor’s note: For further insights on this topic, read Glorin Sebastian’s Journal article, “The Changing Face of Education: Risk, Security and Process Around Distance Learning,” ISACA Journal, volume 4, 2021.
ISACA Journal Turns 50 This Year! Celebrate with us—and don’t forget you can still receive the print copy by visiting your preference center and opting in!