Creating An eLearning Cybersecurity Plan
Training and learning platforms are often considered one of the earlier adopters of the internet and cloud technology, a trend that has accelerated over the last 20 years. eLearning has flourished with exclusively online content that can be consumed by a global audience. The COVID-19 pandemic has accelerated the need for more and more eLearning businesses to evolve and adapt to the very latest cloud technologies.
Greater connectivity and enhanced interoperability demand that content is delivered in a secure and private information stream. It can be argued that the need for a strong cybersecurity policy is a cornerstone requirement for an eLearning institution, especially when considering that the systems of a typical learning platform will have significant quantities of personally identifiable information, such as names, addresses, phone numbers, bank card details, and so on.
Cybersecurity is incredibly important to any modern business. Recent events that unfolded in the United States in December 2020 highlight this to the extreme, when the cybersecurity industry was rocked by the SolarWinds hack. To briefly recap, on December 13th, 2020, a supply chain cyberattack was uncovered that in effect gave malicious hackers access to multiple US government and tech giant IT systems.
These events have brought extra attention to the cybersecurity planning of the eLearning industry. In this article, we will discuss how to create a cybersecurity plan that specifically protects the eLearning community.
Get Senior Management Buy-In
All successful cybersecurity programs need the backing of the senior leadership team (SLT) to succeed. A program may require investment in new technology, perhaps hiring new security professionals, and it will almost certainly require a culture change inside the business to flourish. These are elements that the SLT can not only drive forward but also defend against other SLT members who may oppose the transition.
Does PICERL Apply To eLearning?
Anyone who is involved in cybersecurity will likely have heard of the PICERL framework. If you’re not familiar with it, the name stands for:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
The framework was created to standardize how businesses respond to a cybersecurity threat. eLearning businesses can adopt this model to create a successful cybersecurity plan.
Preparation
Know your eLearning platform and understand the threat landscape to your business. What this means is to document and know where any sensitive client data is stored and put in measures to reduce the risk of a data breach. This will typically involve encryption, Multi-Factor Authentication (MFA), and securing traffic to the data using User Access Controls and a defined network firewall.
Servers and applications must be patched to the latest security levels, and security training should be offered to all employees.
The preparation that goes into a cybersecurity plan is arguably the most important step of the entire process. In an ideal world, you will only ever need to prepare for an incident, rather than respond and recover. Nevertheless, each part of the plan needs careful consideration.
It starts with knowing exactly what IT infrastructure you’ve got, creating a system inventory of all digital assets, and completing a cybersecurity risk analysis on systems and processes currently in use.
This process helps to create a baseline, a line in the sand, an understanding of exactly what the current landscape looks like and what needs to change. It marks the starting point of the cybersecurity journey, every improvement made can be benchmarked as the security landscape improves over time.
The plan should audit existing environments and incorporate a strategy to ditch end-of-life operating systems, patch infrastructure and applications, and harden security processes (or create them if they don’t already exist!).
Identify
The eLearning platform must have the ability to identify cyberattacks using Intrusion Protection Systems (IPS), SIEM event handling, and endpoint solutions. Conducting vulnerability scanning to actively look for problems with your website, your code or your infrastructure will yield significant benefits.
If threats are identified, expertise is needed to plug the gap and protect the platform.
Many steps can be taken to protect your investment. They might seem like common sense, but you would be surprised how many people do not get the basics right the first time. Antivirus endpoint protection is a proven defense against intrusion and, provided the signatures are kept up to date, it is one of the best defenses against malware.
Ensure you are using modern, manufacturer-supported operating systems and keep them up to date with the latest security updates. Train all employees about cybersecurity risks and how to look out for phishing, scams, and fake websites. An employee is normally the first line of defense and must be security conscious.
Implement intrusion protection systems that actively monitor production networks for out-of-the-ordinary activity, constantly logging detailed information to a SIEM application. SIEM can parse huge volumes of activity logs and generate intelligence-driven alerts. Automated tickets can be created and emailed to security personnel to highlight when user intervention is needed, such as validating unexpected user logon activity.
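As an added illustration of the SIEM alerting described above (example code written for this article, not part of any eLearning platform or SIEM product), the following Python runs two simple checks over constructed logon events: a successful logon from a country outside the user's assumed baseline, and a success that follows a run of failed attempts. Each hit becomes a ticket record that could be handed to a ticketing or email integration for an analyst to validate. The log format, the baseline countries and the threshold are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample logon events in an assumed SIEM export format:
# "<timestamp> <user> <source_ip> <country> <success|failure>". Not real platform data.
SAMPLE_LOGS = """\
2021-01-11T08:02:11Z alice 198.51.100.7 GB success
2021-01-11T08:15:40Z bob 203.0.113.9 GB success
2021-01-11T09:01:03Z alice 198.51.100.7 GB success
2021-01-11T23:48:55Z alice 192.0.2.45 RU success
2021-01-12T03:10:02Z bob 203.0.113.9 GB failure
2021-01-12T03:10:09Z bob 203.0.113.9 GB failure
2021-01-12T03:10:15Z bob 203.0.113.9 GB failure
2021-01-12T03:10:22Z bob 203.0.113.9 GB failure
2021-01-12T03:10:31Z bob 203.0.113.9 GB success
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+) ([A-Z]{2}) (success|failure)$")

# Assumed per-user baseline of countries seen during normal use; in a real
# deployment this would come from the preparation phase's user inventory.
BASELINE_COUNTRIES = {"alice": {"GB"}, "bob": {"GB"}}
FAILURE_THRESHOLD = 3  # failures immediately before a success that warrant review

def parse_events(text):
    """Turn raw log lines into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, user, ip, country, result = m.groups()
            events.append({"ts": ts, "user": user, "ip": ip,
                           "country": country, "result": result})
    return events

def detect_unexpected_logons(events):
    """Return ticket records for successful logons that need human validation."""
    tickets = []
    failures_before = defaultdict(int)  # consecutive failures per user
    for e in events:
        if e["result"] == "failure":
            failures_before[e["user"]] += 1
            continue
        if e["country"] not in BASELINE_COUNTRIES.get(e["user"], set()):
            tickets.append({"user": e["user"], "ts": e["ts"],
                            "reason": f"logon from unexpected country {e['country']} via {e['ip']}"})
        if failures_before[e["user"]] >= FAILURE_THRESHOLD:
            tickets.append({"user": e["user"], "ts": e["ts"],
                            "reason": f"success after {failures_before[e['user']]} failed attempts"})
        failures_before[e["user"]] = 0  # a success resets the streak
    return tickets
```

Running `detect_unexpected_logons(parse_events(SAMPLE_LOGS))` on the constructed data yields one ticket for alice's logon from RU and one for bob's success after four failures.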
Containment
In the event a confirmed data breach or cybersecurity incident is identified, containing the incident is essential. Administrative procedures must be in place so that personnel know the chain of events required to contain an incident. Clear communication channels should exist between employees, managers, and customers.
Detailed logging tools will allow the engineering teams to identify the risk, the source of the breach, and the potential impact of the unfolding event.
If the worst does happen and your systems are breached or server access is compromised, quick decisive action is needed. The cybersecurity plan should contain pre-designed business continuity steps to be taken. Does the business shut down network access to compromised systems, do you invoke a disaster recovery solution at a secondary location, or do you restore from backup? Write it down, make it happen.
The answers may differ depending on the scenario, but the common requirement is to stop the compromise from spreading. Enforce system-wide credential changes, replace any shared certificates, and rotate the secret keys used when consuming cloud resources.
Eradication
This stage of the cybersecurity plan is one that you hope never unfolds; it only comes into play once a confirmed cyberattack is identified. Eradicating the threat might involve several things. In most cases, restoring from backup is the quickest way to get the eLearning platform back up and running, but your cloud provider might offer a managed disaster recovery service that lets your infrastructure fail over to an alternative location, in which case users are unlikely to notice that there is even a problem.
Broadly speaking, the eradication phase involves the removal of the threat from the IT infrastructure and getting systems back up and running. This is usually achieved by restoring systems from backup; to assist, the business may be able to invoke a disaster recovery solution to run the production workloads while the systems are restored.
The aim is to eliminate the threat to data, networks, and systems by making sure everything is fixed before restoring things to normal. It is usually at this stage that a root cause analysis is conducted to find the cause of the cybersecurity breach, systems may need patching, network rules tightening up, and malware removed.
Recovery
Disaster recovery initiatives will enable rapid recovery of the eLearning platform; however, open communication must continue in order to understand the impact of the cyberattack. To make recovery a success, understanding what caused the attack is essential.
Extensive system testing will be needed to understand if any data loss has been experienced. This may also include public relations, talking to customers, talking to the media to bring everyone up to speed with what has happened.
It is also an opportunity to build consumer confidence. This may involve bringing on board a third-party security consultancy firm for a top-to-bottom review of the business, perhaps introducing pen testing and vulnerability scanning to reassure customers.
Learning
To help the business recover and learn from any incident, it is important to conduct a top-to-bottom review of the incident. All personnel involved at any stage of the incident must attend, and the meeting should take place no later than one week after the event.
Use this lessons-learned activity not to point fingers, but to create a roadmap to make sure nothing like this ever happens again.
Conclusion
The steps we have highlighted above have been followed to the letter by companies that have been the victims of recent cyberattacks. We hope that your eLearning business will never have to experience this, but preparation is the key. 95% of cyberattacks are the result of human error, which shows that having checks and balances in place and a robust business cybersecurity plan is essential to reduce this risk.