Social distancing, the wearing of face masks, practicing hand hygiene, and disinfecting often-touched surfaces have become human necessities during the pandemic era. For schools, they've also had to adapt quickly to incorporate distance learning methods that let students continue their studies.
But being in crisis management mode didn’t give higher educational institutions much time to think carefully and plan around issues concerning cybersecurity and privacy, even though it was a struggle for them pre-pandemic. The thing is, cybersecurity and privacy isn't just a job for the school’s IT department, students and staff have a responsibility to stay secure, too, especially with distance learning in full or partial effect.
So, what’s the TL;DR version?
Wondering how to stay secure while in your online classes, or doing homework? Try a multilayered approach.
What do we mean by this?
In privacy and security, a multilayered approach is about using multiple methods of security. It's considered the best way of protecting yourself, whether you’re an entity that wants to protect everything important that belongs to you or you’re a person who wants to keep their data safe. A multilayered approach is paramount because a single failure in one layer wouldn't automatically lead to the complete breakdown of security.
So, how can you create security layers to stay protected while attending classes online and/or doing homework? Before we break that down, remember that these steps not only protect you, your machine, and your data from potential cyberattacks, it also protects others as a consequence, such as your school network and everyone else who connects to it.
Protect your device
Whether you’re using your own computer or one provided by your school, it's vital that you:
- Keep your device in a space where it can be physically safe and away from potential theft, or be accessed by other people in your home or flat.
- When you need to step away from your computer, ensure that you lock your screen. You can do this by setting up a password—or, in some cases, a picture password—and never share it with anyone, so that only you can access your own machine.
- Enable a firewall on your device.
- Download and install endpoint protection if your school hasn’t provided this, and confirm it’s running in real time.
- Ensure that all software installed on your device is up to date. And while you’re at it, uninstall software you don’t use as they could become security risks if you don't update them.
- Turn off your device when not in use.
- Do non-school related browsing or other activities within a virtual environment. Using your personal computer for distance learning shouldn’t hinder you from using your computer like you normally do. But whether you keep school files on your computer or not, it's best to get used to scrolling the internet within a virtual network in your personal time. This lessens the chances of you getting your computer infected if you encounter online threats.
Protect your Wi-Fi network
Whether you’re using your own internet or the Wi-Fi hotspot your school provided, it is vital that you:
- Check you are not using your router or hotspot’s default admin credentials. Using them only makes it easier for those with ill intent to hack into your device and network.
- And, while you're there, ensure your router or hotspot is secured with a strong password—that's at least 20 random characters long. These characters shouldn’t follow a pattern. If you don’t want to sweat this out, much less remember a complicated string without writing it down, a password manager can help you with these.
- Set up a reminder to yourself to change your router or hotspot password. This will help keep potential attacks against these devices at bay. A password manager can come in handy here, too.
- Turn on your router’s firewall.
- Enable the highest encryption option available for your Wi-Fi hotspot/router, which could be the WPA2 (Wi-Fi Protected Access 2) or WPA3 (Wi-Fi Protected Access 2) protocol.
- Change your default SSID (service set identifier), which is the network name broadcasted by your wireless router for your computer and/or device to see and connect to.
- Keep your router/hotspot firmware updated.
- Disable features that would allow any device that isn’t your own to connect to the school-provided hotspot. We’re referring to WPS (Wi-Fi Protected Setup) and UPnP (Universal Plug and Play) here.
Protect your school’s network
Infecting your school’s network—whether knowingly or unknowingly—is the last thing we want to happen. Both students and staff alike are expected to adhere to rules, which may look like the following, when connecting to a school network:
- Whatever computing device you use for distance learning, make sure you scan it first with endpoint protection software before connecting to your school’s network.
- Never download and run or share files that are of questionable origin. This includes email attachments.
- Remain informed about the types of online threats students like you might encounter. This includes phishing attempts, scams, and ransomware infections.
Protect your data
- Back up your data, especially if you’re using your own computer for studying.
- Use two-factor authentication on your school-related accounts.
- Use a virtual private network (VPN) when connecting to your school’s network.
- Avoid reusing passwords.
- Never share school-related account credentials with anyone.
Protect your virtual class sessions
A number of Zoombombing attacks have happened because students shared their Zoom details with third parties via a public, social space (think Discord, Reddit, Twitter, and even Instagram). And recordings of these Zoombombings have been floating around on YouTube and Twitch.
Please do not share your Zoom or other video communication software details to anyone. It might seem fun and that there’s “no harm done there really”—plus the class gets to be suspended for the day woo!—you’re not only hindering your other classmates from learning, you’re also getting yourself in trouble.
Understand that Zoombombing is a federal offense, and anyone found involved in such an act could be prosecuted and imprisoned. Nowadays, affected schools are encouraged to report any Zoombombing incidents to law enforcement, which may include the local or state police department and the FBI’s Joint Terrorism Task Force, to kickstart investigations. Here’s a great post containing tips on how to curb Zoombombing.
College cybersecurity is a student’s responsibility, too
Schools have the duty and responsibility to physically protect their students and staff from harm, especially during this ongoing pandemic. The same is true for ensuring that students have what they need to continue their studies in the best conceivable way they can. This includes protecting systems that house confidential information and financial data.
Yet some schools are unequipped to address every cybersecurity and privacy challenge they encounter, even before COVID-19 struck. In fact, they can only do so much. Students and staff must start recognizing their part in keeping their school network safe from cyberattacks.
Security is everyone’s responsibility. And there’s no better time than today to take this duty seriously.