We all know that most office workers have spent the past two months working from home trying to carve out a secure work environment with pets, kids, and spouses coming and going. Zoom meetings are conducted from closets and kitchen tables, while tablets and laptops are sometimes shared. All of these world-turned-upside changes makes for a potential Petri dish of cybersecurity issues at home.

But office workers aren’t the only ones grappling with this new reality. Millions of students have also been working from home, along with teachers and support staff. And that comes with its own set of cybersecurity headaches.

Some MSPs have portfolios with many educational clients, so we thought we’d take a look at some of the cybersecurity issues unique to MSPs and schools during this new work-from-home era.

Beware of ransomware

Cybersecurity experts warned this month that schools are especially vulnerable to ransomware right now. If a hacker successfully manages to shut down a school’s systems while everyone is working remotely, then school essentially stops. Some schools have had to pay a ransom to get their data back.

These experts believe the chances of threat actors targeting educational institutions with a ransomware attack is higher than ever during the COVID-19 crisis, when cyber-classrooms are without necessary security protections. Ransomware is just the tip of the iceberg; schools have all sorts of vulnerabilities now.

Smarter MSP caught up with Bill Barge, Associate Professor in the Department of Computer Science and Information Technology at Trine University in Angola, Indiana, to talk about what MSPs can do to keep their education clients safe.

MSPs with education clients aren’t just dealing with the usual outside threats but the internal threats posed by cyber-savvy young adults who know their way around firewalls and virtual landscapes.

As far as outside attacks go, Barge says students at Trine University are not being inundated with college-related phishing attempts. Hackers would view students as ripe opportunities for emails entitled “Please contact the Bursar’s office” about tuition refunds or class changes due to COVID-19. But Barge states his university’s email filtering system has been working well.

“The school has been proactive in educating faculty, staff, and students about online risks, including phishing. We have quarterly training session and they need to pass exams or go through the training again,” Barge adds.

Students who are using their school’s network or email system generally enjoy the same protections at home.

“The traffic entering and exiting the school’s network all go through at least a router and a firewall which looks at where the traffic came from and where it is going. Anything suspicious can be blocked,” Barge asserts.

Watch the routers

It’s when students use their home router on a school-issued laptop that there can be a potential for breaches. Barge says that most home-users use a combination router and switch access point, which may have a weak or non-existent firewall compared to the more rigorous protections offered at school.

“This lack of firewall protection may increase the chance that malicious traffic infects a school-owned laptop, and, through that laptop, a school server,” Barge asserts, and from there, the hacker can gain access to all sorts of unprotected areas and wreak havoc. So MSPs need to work with campus IT to audit and examine all school-owned laptops and devices when brought back to campus.

Another hazard of all these students working from home is that various ISPs may scan all the traffic passing through its equipment and may even read or save the content of the traffic.

“I tell my classes that sending an unencrypted email through the Internet is like sending a postcard through the US Mail,” Barge states.

“Now, with thousands of faculty, staff, and students generating who knows how much-unencrypted traffic through who knows how many ISPs, the chance that something confidential being compromised increases.”

Student grades, teacher comments, exam answers, and financial information can all be exposed. MSPs need to keep this potential compromise at the forefront when dealing with their campus clients.

Photo: William Potter / Shutterstock

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

Leave a reply

Your email address will not be published. Required fields are marked *