How to Go Beyond Basic Cybersecurity
Even as the cyber landscape continues to evolve, many best practices remain the same. “Patch all of your software, use two-factor authentication on every account that accepts it,” Falcone says, “and don’t click links or attachments that you weren’t expecting — all are still standard advice.”
Still, Falcone adds, the standard advice only works to a certain point.
“Learning safer ways to click can help mitigate those risks,” he said. “For example, opening attachments or websites using an iPhone, iPad or Chromebook can help keep exploits from attacking your computer, as there are fewer ways for a website or attachment to take over those specific devices.”
Another solution is to hold security awareness training with faculty and staff. According to Mimecast, employees who haven’t had a recent security awareness training are 5.2 times more likely to click on malicious links.
MORE ON EDTECH: Learn how higher ed IT leaders can drive digital workplace adoption.
Get the Tools That Help Prevent Phishing
Multifactor authentication and the use of strong and frequently changed passwords have always been important. But these two routine practices are even more crucial today.
In May, the FBI and the Cybersecurity and Infrastructure Security Agency issued a warning that COVID-19 research organizations — including colleges and universities —are major targets for foreign espionage hackers.
“Using a security key such as a YubiKey as your second factor instead of a texted, one-time password can help a great deal with stopping sophisticated phishing attacks,” Falcone says. “The key verifies that you are talking to the real web page before logging you in.”
Since some phishing emails contain software that record a user’s online activities, increasing VPN capacity is another way to protect remote users from cyberthreats. However, because VPNs are not designed to handle the network connections of large remote workforces, it’s helpful to find a solution that increases VPN bandwidth.
Above all, it’s essential to consistently update all VPN software programs with the most current security patches. While it’s impossible to completely secure a network, taking these cautionary steps can significantly reduce security risks for higher ed institutions.
MORE ON EDTECH: Learn how artificial intelligence can solve cybersecurity staffing shortages.
One University’s Best Practices for Remote Security Awareness
Here are some security awareness tips that the University of Washington offers for its remote faculty, staff and students:
- Keep your systems and data in the family. When working with university information, use university devices and systems whenever possible. Don’t store university information on nonuniversity devices.
- Download and save wisely. Delete sensitive university information that’s accidentally downloaded onto personal devices. Delete locally saved files from public or shared computers.
- Stay updated. Keep systems and software up to date by enabling automatic updates for your operating system and applications.
- Sometimes it’s better to forget. When accessing university data, don’t use the “remember my password” feature.
- Scan for danger. Use anti-virus software to scan portable storage devices like thumb drives or external hard drives containing university information.
- Encrypt it. Encrypt university information stored on portable devices, such as laptops.
- Collaborate securely. Use collaboration tools that are appropriate for information sensitivity. For example, Microsoft Teams, a communication and collaboration platform that includes file storage, direct messaging and group chat, complies with both HIPAA and the Family Educational Rights and Privacy Act.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.