IT leaders must first recognize that for the foreseeable future, the complexity of software and systems will only multiply. Adding to the struggle is the volume and variety of these tools, as they shift from managing some operating systems, apps and devices to having to manage so much more. Moreover, many schools lack the bandwidth and resources to be properly prepared for a cyber security incident.
Strategies for protecting data and devices from an attack should be both technical and procedural.
As far as technology goes, using two-factor or multi-factor authentication can be effective against unauthorized access or phishing. As a precautionary measure to ensure adherence to internet safety policies, schools should turn on alerts for any suspicious activity or non-compliant devices.
Ultimately, the most fundamental strategy is promoting security awareness and user education. "Students and faculty need to be aware of the risks of being targeted by malicious actors and the risks of using online platforms," says Soto. He strongly advises all schools to create a clear and enforceable acceptable use policy so students know what is acceptable and what is not and faculty members clearly understand the guidelines for what is allowed when using remote learning platforms.
For schools lacking cyber security resources, managed security service providers can play a critical role. With the support and coordination of these vendors, a sustainable, secure and successful remote learning experience is possible. But remember—all vendors are not created equal when it comes to data privacy and security. It's important to do your due diligence when hiring a third party to manage your systems and services.
To learn more about common threats to educational institutions, explore Verizon's Data Breach Investigations Report.