Cybersecurity for Teaching
By Baljeet Bilkhu, Faculty in Applied Computer Science and Information Technology Programs
Having worked in the IT industry for the past 30 years after graduating from the University of Waterloo with a B.A. Sc. in Electrical Engineering, Baljeet Bilkhu has been sharing his experiences, knowledge and methods for a successful career with students at Conestoga College since 2016.
During this time, he has been teaching in the Faculty of Applied Computer Science and IT within the areas of Software Quality Assurance/Test Engineering (SQA/TE), Computer Application Security (CAS) and Mobile Solutions Development (MSD). In addition to his teaching duties, Baljeet has also been involved in developing curriculum for courses within these and other Programs.
Recently, Baljeet has completed his Masters degree in Information Systems from Athabasca University and hopes to continue sharing his lifelong passion and experience in IT with up and coming students.
While access to the Internet has provided great convenience, resources and opportunities for individuals it has also provided opportunities and exposed vulnerabilities within computing systems for malicious users to exploit and take advantage of.
Specifically, in regards to education, access to online Learning Management Systems (LMS) has been a critical aspect in ensuring digital literacy for students. The following tips are geared towards faculty utilizing a mostly online approach to their courses:
Tip #1: Secure File Transfer
A lot of times, we, as professors, need to transfer files to our students using a variety of methods – such as posting files in an online resource (such as Office 365 – OneDrive), or transferring files through e-mail or USB drives.
In order to prevent viruses, worms or other forms of malware from spreading and infecting others, download the latest patches or signatures for your Anti-Virus software and perform a scan of the file(s) intended to be distributed to students, verifying they are free of any such malware. Another tip, in this case, is to mention to students to perform their own scan once they have received the file(s) on their end, to ensure no such intrusions have been introduced during the transmission.
Tip #2: Secure Downloading
Continuing on from the first tip, often times, students are required by instructors to download software applications or packages to understand the material being taught or to possibly complete assessments. In such cases, there could be malware, like viruses, attached to such software, and, as a result, when students download and execute such software, their systems will be infected without notification (in most cases).
A solution is to compare the “hash”/signature values for such files to ensure no other malicious code is “stowing away” on such files. Using a popular hash calculating program like “HashCalc” can alleviate such concerns by calculating the hash value of the downloaded file, and comparing this with the hash as provided by the program developer.
If the hashes match, then the program has been downloaded with integrity. If the hashes don’t match, then a full system scan should be performed and the downloaded file should be discarded as soon as possible and never executed.
Tip #3: Virtual Machine Usage
The use of VMs (or Virtual Machines) provides flexibility in constraining work to the VM itself without affecting the host PC. Virtual Machines are images of operating systems (such as Windows, Linux, Mac, etc.) that can be run within the realm of a physical PC, and can be isolated as to not affect the operation of the physical PC. They can be set up on their own private network with or without access to the Internet, and can be re-built with little effort. Students (and faculty) can set up their own VMs whenever they like, perform their work, and then shut them down without jeopardizing the host PC upon which they are running.
Tip #4: Employing Encryption
For transmitting and storing sensitive data (such as student grades, feedback, etc.), faculty can employ encryption for their files and file systems. By encrypting such sensitive data, even if an intrusion is made to the file system where that data is stored, the malicious user would not be able to make sense of the data there, if encrypted, as the individual performing the encryption would be the only one who would normally know the “key” or password to decrypt such information – thus keeping it safe from unwanted access.
Tip #5: Complying with Your Organization’s Cyber Policies
This last tip is to put into perspective the notion that malicious users normally only require a single, weak point of entry to gain unfettered access to an organization’s systems and data. By all of us (as faculty and students) taking some time to familiarize ourselves with the cybersecurity policies of Conestoga College, we can ensure that we are not the “weakest link” in allowing such unwanted intrusions.
Some simple things we can do, in addition to the above tips, is to ensure we are employing Multi-Factor Authentication (MFA) when we sign in to the computing systems; treating all data that we interact with as being sensitive and confidential; and, finally, escalating any potential security issues to the appropriate personnel as soon as we recognize them.