Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, urges educational institutions in Malaysia to enforce strong cyber security measures and best practices to thwart potential cyber-attacks from hackers and cybercriminals.
The global Covid-19 pandemic has led to closure of schools and universities, impacting millions of students. It is estimated that 70 percent of students are currently doing some form of online education. In Malaysia, some 4.9 million school students and 1.2 million in higher learning institutions across public and private universities, polytechnics and community colleges have been affected. Educational institutions have responded to the closure by moving their classes to online platforms to ensure that students can study remotely. However, Fortinet warns that hasty implementation of educational technology and online learning could pose privacy issues and security risks if online activities are not closely monitored.
“Educational institutions have long been a target by adversaries. But the sudden shift to distance learning has created additional risk for institutions and opens up potential opportunities for the adversary. These cybercriminals are more motivated than ever to steal financial information, intellectual property, or simply be disruptive,” said Alex Loh, Country Manager for Fortinet Malaysia.
There have been recent reports of malicious actors hijacking Zoom video teleconference calls and delivering offensive content to online classes in several countries including Singapore and United States.
“Schools are scrambling to not only build the content for their courses; but also the distance learning infrastructure required to ensure all of their faculty and students have remote access to this content. The challenge they face is how to do this at scale and securely,” added Loh.
Securing the Learning Environment
There are several key steps every educational institution needs to implement in order to maintain an effective distance learning environment while keeping their cyber adversaries at bay:
- Provide Strong Authentication: It is essential to apply strong password policies that enforce account lockout after failed attempts of password guessing. Enable multi-factor authentication where possible to prevent the misuse of stolen passwords.
- Protect Web Applications: Scan external sites for security flaws such as cross-site scripting errors and SQL injections and encrypt the traffic between learning systems and users. Deploy a web application firewall (WAF) to protect web application servers and the infrastructure from attacks and breaches originating from the Internet and external networks.
- Leverage Network Segmentation: Segment Internet-facing teaching applications from other internal applications, such as the HR system. This way, if a breach or malware outbreak were to occur, the scope of impact will be limited.
- Manage 3rd Party Risk: Regardless of learning management system or teleconferencing tools, ensure a thorough security assessment is performed on any 3rd party security tool and products before introducing them into the network environment.
- Monitor for Malicious or Unusual Activities: Security team needs to be aware of any unusual login attempts, unexplainable large data transfers, or other behaviors that seem out of the norm.
Knowledge is Power in Protecting against Adversaries
Both academic staff and students must be educated on the basics of good cyber hygiene. As a minimum requirement, Fortinet recommends the following security best practices:
- Protect Their Passwords: Ensure faculty staff members and students use strong passwords that are not obvious, like birthday, or default passwords provided by devices. Never use the same password on multiple accounts and devices. And never share a password with anyone.
- Keep Devices Up To Date: Make sure devices and applications are updated with patches, and that any antivirus/malware software is current and operational.
- Spot Social Engineering Attempts: All users should be taught how to spot attempts to steal personal and proprietary information via email (phishing), texting (smishing), and phone (vishing).
- Be Wary of Public Networks: Use a VPN connection to access or transmit data. Therefore, it is essential that any distance learning tools – both the front end used by students and the back end used by teachers – support SSL VPN and strong authentication.
“As we engage in distance learning, we need to ensure that we practice cyber distancing to protect ourselves from the adversary. Adopting best security practices is vital to enable a secured distance learning experience,” concluded Loh.