6 Factors Impacting Information Security and Privacy During the COVID-19 Crisis

6 Factors Impacting Information Security and Privacy During the COVID-19 Crisis

In these uncertain times, it's important to consider the ways crisis response is influencing the security and privacy of institutional systems and data.

To say the COVID-19 pandemic has been a disruption feels like an understatement. The impact we have seen and experienced in our otherwise everyday lives has been far-reaching, overwhelming, inspiring and without question more often than not, challenging. For those in higher education — faculty, staff, students and their surrounding communities — it's hard to envision a time when traditions of the academy will be restored to a point we all fondly remember.

That said, the herculean efforts put forth by all parties across higher education to meet the challenges presented to us as a result of adapting to the COVID-19 pandemic have been nothing short of impressive and revolutionary. In as little as a few weeks, institutions built on the tradition of face-to-face instruction and campus engagement had their entire world upended by nearly instantly moving to remote instruction, remote working and remote student engagement. While the success stories are limitless and those involved truly haven shown their spirit and commitment to education and student success in ways that will never be fully documented, we have learned a lot too.

The importance of information security and privacy has been a hot topic and growth opportunity for many higher education institutions across the country for years. With the introduction of global influences such as GDPR, national and local legislation, and the general geo-political climate, our efforts in this space are simply no longer a want, but a need. This has never been clearer than in the current environment in which we find ourselves: managing an unprecedented crisis during uncertain times. We all now know, simply trying to conduct business as usual until we return to a more normal or familiar time is no longer an advisable path forward.

During this crisis, over a relatively short amount of time we have learned a lot about our institutions' information security posture, as well as those we support and the data we protect. In otherwise chaotic times, it is important to reflect on where we were (pre-crisis), where we are (managing the crisis), and where we need to be (post-crisis) as it relates to all the services and systems we are responsible for — but especially in response to what the last several weeks have presented. While each institution's experience is likely individualized and hardly standard, as you recount your lessons learned and future planning, consider the following factors influencing security and privacy during this crisis.

1. Expediency of the Migration to Remote
The classic project management philosophy dictates that projects can only be two out of three things: cheap, fast or good. In the current situation, fast was the mandate, so we were left with just two options: 1. Some of the efforts that were put forth came at an expense that will now need to be accounted for in already strapped budgetary times (in other words, good but not cheap), or 2. The quality of the solution might reflect its intention as a temporary option or the solution lacks a sustainable business or support plan beyond the immediate (cheap but not good). It is always worth remembering, while information security is a critical piece to maintaining a reliable and productive enterprise operation, it can sometimes be left behind if you don't already have processes and systems in place that build in those principles in all phases and not as a secondary consideration.

2. Enhanced Vendor Accommodations
The solution and service provider response during this time has been unlike anything I've seen before — and without it, institutions would likely be struggling to offer services and support to a user population that no longer resides or has a presence on campus. In a lot of ways, the licensing and access that has been afforded to us (temporarily) by many of our vendors/partners is likely what we always wished we had or could afford all the time! But this also is a cautionary tale for many because with those looser or more generous access options, you may find yourself in a situation where users are accessing and managing university data and information in ways that you no longer have oversight or visibility into.

3. Supporting a Fully Remote User Population
The proliferation of "free" software and web applications available to the user population is nearly endless right now, and ensuring every solution is vetted or integrated with a single sign-on solution simply isn't feasible. As a result, we may find that many are creating accounts using their university-managed e-mail address (and likely a similar password) on systems with vulnerabilities that, in different times, might have been handled by those responsible for ensuring user security and system safeguards. This abundant access to niche solutions also creates opportunities for users to veer away from enterprise-level supported and licensed software. Now more than ever we should be promoting the tools available to our users, and more importantly how to use them.

4. Shared Access to Technology
The increased demand for technology and internet service is unprecedented. Nearly all populations on campus are looking for ways to ensure they are meeting work-from-home demands, home schooling, etc., often with limited supply of technology means in their homes. It's also not uncommon, understandably so, for many of us to have to be creative with who is using that technology and how. A change in otherwise predictable user behavior is a primer for additional exposure to information security challenges and vulnerabilities. Whether it be ensuring applications are properly logged out, sessions are ended, etc., managing a machine that is shared by many creates vulnerability to the data owner, but also challenges their privacy.

5. Access to the Internet
Similar to the extremely generous and vital offerings of many other solution providers, nearly all local internet service providers (broadband and cellular) are offering drive-up hotspots with free, public WiFi for users who otherwise have limited or no access to the internet. Obviously, this is a critical piece to anyone's success, whether it be someone working remotely or a student completing their studies. The need for high-speed and reliable internet access has never been higher. That said, consider the slightly less obvious risk this may present in protecting one's electronic footprint and data privacy. An open, public WiFi signal is already a vulnerability in any conditions, but the increased demand and propensity for doing more secure activities on that signal makes this an area of concern that should be addressed through promoting VPN use, encryption, etc.

6. Limited Operations and Reduced Funding
Most of us throughout higher education already have felt the struggle and strain of limited budgets, shrinking staffs, etc. But often some of the most inspiring stories reflect the great things many are doing in spite of those conditions. While it's still unknown the level of impact this crisis will have across the higher education landscape long-term, we do know that in the moment many are experiencing hiring freezes and budget cuts or moratoriums. This, of course, affects all aspects of life on campus and beyond, but is most certainly impacting how many are managing, monitoring and remediating increased information security risks. Not to mention handling the increased vulnerabilities associated with further delaying and relying on aging infrastructures and systems that were otherwise due for replacement or upgrade. With these limitations, it is important to ensure you are adapting and prioritizing your information security planning equal to the risk appetite your institution expects.

Looking to the Future
As you reflect on the last few months and look to what lies ahead, it's important to resist the urge to let this crisis control the narrative of what can be accomplished. Consider using this time of uncertainty as a pivot point and a launching pad to re-envision information security at your institution. In short, in the world of information security and privacy, the standard is still the standard. So whether you are determined to:

Revisit old service agreements and contracts to ensure compliance;
Ramp up your user awareness and adopt new policies and procedures; or
Reprioritize your strategic plans based on lessons learned and a new climate …
Don't wait. Soon the technical firefighting spawned from the COVID-19 pandemic will wane, and a new normal will emerge as we return to campus. The sooner we are able to begin adapting from what we have learned, the better our resolve for ensuring we maintain the standard of security those across higher education have come to need and expect.


  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • Unlocking Peace of Mind

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown Read Now

  • Emerging Campus Access Control Solutions

    Emerging solutions in campus access control can mean different things. Usually, we expect the topic to focus on the very latest in door security products and solutions that have just been recently released or are about to be launched. After all, staying up on improvements to keep campuses safer is critical. Plus, it’s always interesting and exciting to learn what’s new and how innovations are going to better protect lives and assets and help the industry be even more successful. Read Now

  • Here’s How Instructional Audio Can Play a Key Role in School Safety

    Ensuring the safety of students and employees is critical in today’s educational environment. While the threat of a school shooting is in the back of everyone’s mind, the truth is there are many possible scenarios that could crop up at any time in classrooms, hallways, and other school spaces—from fights or altercations to a sick child or staff member who requires emergency attention. Read Now