Online Learning and Cybersecurity Threats: Protect Yourself

Sep 30, '20 by Joerg Schneider-Simon

Security professionals who monitor cybersecurity threats have noticed an irony when it comes to the coronavirus.

In areas with high infection rates, school districts, colleges and universities are—quite sensibly—requiring students to stay away from campuses so they don’t contract the coronavirus or give it to anyone else. These institutions are offering remote learning in place of classroom learning.

The irony? While online learning protects students from spreading the virus, it does not protect educational institutions from contracting computer viruses from their remote students.

The rise in remote learning is being matched by a rise in computer viruses, malware, and other cybersecurity threats against educational institutions. In many cases, the attack surface is students who are working from home on PCs, laptops, and tablets.

And in many cases, they’re working with SAP applications.

Large school districts, large institutes of higher education, and companies that offer continuing education courses to professionals use enterprise-grade learning management systems, such as SAP Litmos.

Enterprise learning management systems gives training professionals everything they need to manage their training program from one secure, centralized environment. They are hosted in the cloud, and typically integrate virtual, classroom, mobile and social learning.

SAP Litmos, for example, empowers training departments to collaborate, author, globally distribute and track web-based training courses, as well as schedule and track instructor-led courses. It automates formerly burdensome tasks so that classroom teachers and instructors focus their energy on aligning training with their employer’s strategic agenda.

The problem? Systems like this are a rich target for cyberattack – and now that so many students are learning remotely, the risk surface has just increased exponentially.

The rise of remote-learning cybersecurity threats

The sudden rise in online learning caused by the coronavirus pandemic is exposing students and school networks to cybersecurity threats—old and new. Chief information officers are rightly concerned that moving learning so quickly from the classroom to the home has opened the door to cyberattacks.

Of greatest concern is the exposure of confidential and sensitive information. Security professionals and school administrators alike are concerned that cyber criminals will access a student’s, teacher’s or lecturer’s personal information, human resources data, financial records or medical records—using this information to either contact, extort or threaten their victims.

Why are these systems so vulnerable?

Un-vetted technology: Of greatest concern with this new mode of delivering training is the deployment of technology that hasn’t been vetted for cybersecurity vulnerabilities. In many cases, schools were not using any learning management systems before the pandemic hit. They suddenly had to find and deploy applications that helped them deliver remote learning.

Schools faced a number of constraints in finding this technology. It had to be easy to use for teachers and students alike. It had to be available off-the-shelf for immediate deployment. And it had to be affordable (preferably free). Not surprisingly, many of the tools and applications that meet these criteria are consumer apps that are not designed for education. As such, they have unique security vulnerabilities.

Unprotected devices: Another threat comes from students who are using personal computers and home routers that are unpatched and unprotected. These devices run the risk of infecting school networks with viruses, ransomware, trojans and all manner of malware, particularly if school IT staff have lowered security standards to make remote access easier for students and teachers.

Unsuspecting students: At home, as in the workplace, the greatest cybersecurity threat is not hardware or software, but users. And in the “new normal” that is learning from home, those users are often unsuspecting students.

Students who have never received a single hour of training in cybersecurity are suddenly vulnerable to phishing attacks, infected email attachments and links in emails that take victims to fraudulent websites. What’s more, advanced attacks, including the use of real-time deepfakes, may be used on high-profile targets like professors or administration staff.

How to mitigate cybersecurity threats in online learning

Schools, colleges, universities, and businesses that deliver CE training can take a number of steps to reduce their exposure to the cybersecurity threats that online learning presents.

Educational institutions

Protecting your educational institution against cybersecurity threats means tightening endpoint security and bringing your internal security controls up to date.

  • Vet all e-learning tools that your organization is using, particularly if they are publicly available and free. Look for data security and privacy issues.
  • Install security patches on your networks as soon as they become available.
  • Limit file sharing.
  • Enable multi-factor authentication whenever possible.
  • If your organization uses SAP Litmos, protect your networks against viruses and content-based attacks with a solution that’s built specifically to protect SAP systems from cyberattacks.


Protecting your users—and your networks—against cybersecurity threats means putting cybersecurity on the curriculum.

  • Train students to recognize phishing and other common attacks.
  • Train students to avoid public wi-fi connections.
  • Encourage students to download software only from official websites.
  • Insist that students use strong passwords.
  • Install security software on all student devices.

Cyberattacks are always bad news. But they are especially bad news when the targets are schools. Not only are the potential victims a vulnerable group of people, but hackers can gain access to especially sensitive information, including family contact details (student photos, addresses, phone numbers, email addresses) financial records, socioeconomic status of students, and whether students have learning disabilities.

Should an attack be successful, educational institutions could find themselves in a considerable amount of hot water. Schools, colleges, and universities that fall victim to viruses, ransomware, data breaches and other attacks face financial losses, damage to brand reputation, operational downtime, loss of intellectual property, criminal prosecution, civil lawsuits, regulatory fines and more.

While the coronavirus pandemic continues, part of the job in adjusting to the new normal of remote learning is protecting students and their schools from attackers who want to exploit online learning to their advantage.

With the necessary measures to protect students and networks, everybody can stay healthy and safe.

New Call-to-action