According to US News and World Report, most colleges and universities are planning on moving back to some form of in-person classes this coming fall, after over a year of remote learning due to the COVID-19 pandemic. Faculty, staff, and students will be returning to campus after more than 15 months of sitting behind screens; in other words, they will be returning to campus computers, servers, and networks after extended periods of time away from your IT department’s firewalls, virus scanners, and security reminders. This return to campus is an excellent opportunity to refresh your cybersecurity program and awareness training.
As community members return to campus, take advantage of that “first day of school” feeling – faculty and staff, just like students, will be in a learning mindset and may be more open to cybersecurity awareness training. The IRS has warned of increased phishing attacks targeting .edu email addresses, so instruction on recognizing and avoiding cybersecurity threats is essential.
This transitional period from remote to in-person learning is also an opportunity to make changes to cybersecurity procedures. Our experts recommend that institutions consider removing local admin privileges campus-issued faculty and staff devices and requiring device authentication for users who want to connect to campus networks. Senior Security Specialist Brian Murphy says even known devices have been away from campus networks for long enough that you can’t be sure what they’re carrying. He recommends that you should treat every device returning to campus as a new device.
Institutions have made some strides in cybersecurity during remote learning: we’ve seen several schools do an excellent job implementing two-factor authentication and identity management. It’s vital to keep these efforts up: 100% of the email compromise incidents GreyCastle Security responded to in 2019 could have been prevented by 2FA. You can even take it further, logging account location and activity to monitor for suspicious access. Between the increased IRS scams, the FBI warning about ransomware attacks targeting higher education institutions, and evolving compliance regulations with the GLBA, FERPA, and FSA, colleges and universities should absolutely be taking a closer look at their cybersecurity programs. The upcoming return to in-person classes is an excellent opportunity to do so, but with IT budgets trending down, you may not have the resources to handle it on your own. Consider bringing on a qualified cybersecurity partner, like GreyCastle Security, to guide you through the process.