6 Factors Impacting Information Security and Privacy During the COVID-19 Crisis

6 Factors Impacting Information Security and Privacy During the COVID-19 Crisis

In these uncertain times, it's important to consider the ways crisis response is influencing the security and privacy of institutional systems and data.

To say the COVID-19 pandemic has been a disruption feels like an understatement. The impact we have seen and experienced in our otherwise everyday lives has been far-reaching, overwhelming, inspiring and without question more often than not, challenging. For those in higher education — faculty, staff, students and their surrounding communities — it's hard to envision a time when traditions of the academy will be restored to a point we all fondly remember.

That said, the herculean efforts put forth by all parties across higher education to meet the challenges presented to us as a result of adapting to the COVID-19 pandemic have been nothing short of impressive and revolutionary. In as little as a few weeks, institutions built on the tradition of face-to-face instruction and campus engagement had their entire world upended by nearly instantly moving to remote instruction, remote working and remote student engagement. While the success stories are limitless and those involved truly haven shown their spirit and commitment to education and student success in ways that will never be fully documented, we have learned a lot too.

The importance of information security and privacy has been a hot topic and growth opportunity for many higher education institutions across the country for years. With the introduction of global influences such as GDPR, national and local legislation, and the general geo-political climate, our efforts in this space are simply no longer a want, but a need. This has never been clearer than in the current environment in which we find ourselves: managing an unprecedented crisis during uncertain times. We all now know, simply trying to conduct business as usual until we return to a more normal or familiar time is no longer an advisable path forward.

During this crisis, over a relatively short amount of time we have learned a lot about our institutions' information security posture, as well as those we support and the data we protect. In otherwise chaotic times, it is important to reflect on where we were (pre-crisis), where we are (managing the crisis), and where we need to be (post-crisis) as it relates to all the services and systems we are responsible for — but especially in response to what the last several weeks have presented. While each institution's experience is likely individualized and hardly standard, as you recount your lessons learned and future planning, consider the following factors influencing security and privacy during this crisis.

1. Expediency of the Migration to Remote
The classic project management philosophy dictates that projects can only be two out of three things: cheap, fast or good. In the current situation, fast was the mandate, so we were left with just two options: 1. Some of the efforts that were put forth came at an expense that will now need to be accounted for in already strapped budgetary times (in other words, good but not cheap), or 2. The quality of the solution might reflect its intention as a temporary option or the solution lacks a sustainable business or support plan beyond the immediate (cheap but not good). It is always worth remembering, while information security is a critical piece to maintaining a reliable and productive enterprise operation, it can sometimes be left behind if you don't already have processes and systems in place that build in those principles in all phases and not as a secondary consideration.

2. Enhanced Vendor Accommodations
The solution and service provider response during this time has been unlike anything I've seen before — and without it, institutions would likely be struggling to offer services and support to a user population that no longer resides or has a presence on campus. In a lot of ways, the licensing and access that has been afforded to us (temporarily) by many of our vendors/partners is likely what we always wished we had or could afford all the time! But this also is a cautionary tale for many because with those looser or more generous access options, you may find yourself in a situation where users are accessing and managing university data and information in ways that you no longer have oversight or visibility into.

3. Supporting a Fully Remote User Population
The proliferation of "free" software and web applications available to the user population is nearly endless right now, and ensuring every solution is vetted or integrated with a single sign-on solution simply isn't feasible. As a result, we may find that many are creating accounts using their university-managed e-mail address (and likely a similar password) on systems with vulnerabilities that, in different times, might have been handled by those responsible for ensuring user security and system safeguards. This abundant access to niche solutions also creates opportunities for users to veer away from enterprise-level supported and licensed software. Now more than ever we should be promoting the tools available to our users, and more importantly how to use them.

4. Shared Access to Technology
The increased demand for technology and internet service is unprecedented. Nearly all populations on campus are looking for ways to ensure they are meeting work-from-home demands, home schooling, etc., often with limited supply of technology means in their homes. It's also not uncommon, understandably so, for many of us to have to be creative with who is using that technology and how. A change in otherwise predictable user behavior is a primer for additional exposure to information security challenges and vulnerabilities. Whether it be ensuring applications are properly logged out, sessions are ended, etc., managing a machine that is shared by many creates vulnerability to the data owner, but also challenges their privacy.

5. Access to the Internet
Similar to the extremely generous and vital offerings of many other solution providers, nearly all local internet service providers (broadband and cellular) are offering drive-up hotspots with free, public WiFi for users who otherwise have limited or no access to the internet. Obviously, this is a critical piece to anyone's success, whether it be someone working remotely or a student completing their studies. The need for high-speed and reliable internet access has never been higher. That said, consider the slightly less obvious risk this may present in protecting one's electronic footprint and data privacy. An open, public WiFi signal is already a vulnerability in any conditions, but the increased demand and propensity for doing more secure activities on that signal makes this an area of concern that should be addressed through promoting VPN use, encryption, etc.

6. Limited Operations and Reduced Funding
Most of us throughout higher education already have felt the struggle and strain of limited budgets, shrinking staffs, etc. But often some of the most inspiring stories reflect the great things many are doing in spite of those conditions. While it's still unknown the level of impact this crisis will have across the higher education landscape long-term, we do know that in the moment many are experiencing hiring freezes and budget cuts or moratoriums. This, of course, affects all aspects of life on campus and beyond, but is most certainly impacting how many are managing, monitoring and remediating increased information security risks. Not to mention handling the increased vulnerabilities associated with further delaying and relying on aging infrastructures and systems that were otherwise due for replacement or upgrade. With these limitations, it is important to ensure you are adapting and prioritizing your information security planning equal to the risk appetite your institution expects.

Looking to the Future
As you reflect on the last few months and look to what lies ahead, it's important to resist the urge to let this crisis control the narrative of what can be accomplished. Consider using this time of uncertainty as a pivot point and a launching pad to re-envision information security at your institution. In short, in the world of information security and privacy, the standard is still the standard. So whether you are determined to:

Revisit old service agreements and contracts to ensure compliance;
Ramp up your user awareness and adopt new policies and procedures; or
Reprioritize your strategic plans based on lessons learned and a new climate …
Don't wait. Soon the technical firefighting spawned from the COVID-19 pandemic will wane, and a new normal will emerge as we return to campus. The sooner we are able to begin adapting from what we have learned, the better our resolve for ensuring we maintain the standard of security those across higher education have come to need and expect.

Featured

  • Door Hardware and Campus Security: Enhancing Safety in Schools

    The importance of investing in school safety cannot be overstated, but knowing where to start implementation of school safety features can be a challenge. A recent survey by the National Center on Education Statistics found that a quarter of U.S. public schools have classrooms with doors that can't be locked from the inside. Even among schools with doors that do lock, recent legislation reflects a common misconception that simply keeping the doors locked all day will eliminate the potential for an attack, in direct violation of PASS (Partner Alliance for Safer Schools) Guidelines. Read Now

  • Brigham Young University Strengthens Campus Security With Genetec Operations Center

    Genetec Inc, a provider of enterprise physical security software, announced that Brigham Young University's (BYU) has optimized its security operations with the Genetec™ Operations Center work management system. Read Now

  • AI-based Risk Mitigation: The Next Advancement in Video Surveillance and Public Safety

    Safety is at the forefront of every organization and covers a gamut of scenarios, not just weapon-fueled lethal threats. It also includes smaller-scale and everyday situations like slipping hazards, fallen persons, unauthorized vehicles, and more. These issues cause disruptions in daily operations and cost companies and facilities money and downtime, so a fully realized security plan must involve actions that facility personnel should take once a hazard of any size occurs. Informing everyone that a hazard exists, where it’s located, and what actions to take is imperative for maintaining personal safety. Read Now

  • Fort Worth ISD Strengthens Event Safety

    The issue of concealed weapons being introduced into school extracurricular activities, including sporting events and graduations, became a growing concern in communities across the nation. According to the K-12 School Shooting Database, there were at least 202 incidents of gunfire on school grounds in 2024 across the United States, resulting in 56 deaths and 147 injuries, underscoring the urgent need for enhanced safety protocols. Read Now