While the world is dealing with the COVID-19 pandemic, schools and universities are forced to conduct classes online and maintain social distancing. As social distancing and remote working continue, educational institutions are becoming increasingly reliant on digital (ed-tech) tools and platforms such as Zoom, Google Classroom, TopHat, Kahoot, and custom solutions as an alternative.
The use of digital platforms and ed-tech tools is also leaving educational institutions vulnerable to cyberattacks and ransomware attacks, and it poses a risk to student privacy and safety. Many educational institutions are facing a cybersecurity crisis, and delivering value to students in a secured environment has become a high priority.
How security risks can arise with the use of Ed-Tech
- Hackers can easily gain access to your system in many different ways, and phishing is one of their most used tactics. Cybercriminals send emails with infected attachments; once the user opens the attachment, the infection spreads and hackers can get access to your system. For example, most users choose to use OAuth because it allows one login to give access to many different systems. If one credential is used to log in to many accounts, including a classroom management app that uses the OAuth platform, it can allow hackers to enter your school system if the connection is not secured and well maintained.
- A cybercriminal can access the personal accounts of teachers and students and use them to make online purchases using a credit card. They can also use them to send phishing emails to other individuals and gain access to more accounts and information. There are many other illegal activities that cybercriminals can carry out once they have access to your account.
- With a digital platform, there is always a risk of data loss, and attackers can cause loss of school data once they have access. Hackers can steal personal information related to students, staff, and parents and use it to commit identity theft, and such issues take a long time to resolve.
- One of the most significant problems with cyberattacks on a school system is that they can disrupt the flow of learning and teaching: they can prevent students from taking online lessons and teachers from preparing and conducting online classes. The Flagstaff school district had to rebuild its digital infrastructure and cancel classes at all its schools due to a ransomware attack.
Here are some major steps an educational institution can take to ensure ed-tech security.
1. Access Control Policies
To protect the system from attacks and breaches, schools and universities should have effective user access policies. Users should be given only the limited access they need to perform their job. Access to an account should be revoked automatically when a staff member leaves the workplace. It is important to maintain an up-to-date record of accounts so that old accounts cannot be used for fraudulent activities. Effective access control policies are how user access is kept under control.
2. Third-party platform providers
If a third-party platform is being used, institutions need to ensure that the third-party platform provider has sound security policies before using its platform. It is also important for institutions to ensure that access for students and guardians is permitted by teachers themselves through their email ID to eliminate the risk of being attacked.
Institutions should monitor permission settings and malicious apps that create OAuth risks. This can be done by monitoring abnormal activities on your system that can lead to account takeovers. These activities could be a login from an unusual location, phishing emails, and more; any criminal activity found should be reported to the relevant authorities. An account takeover takes a long time to resolve, so regular monitoring of the system is important to protect it from cyberattacks.
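The monitoring described above, sketched as an added example that is not part of the original article: it reviews OAuth app grants against an allow-list and flags logins from a country a user has not logged in from before. The scope names, app names, thresholds and sample records are constructed assumptions, not any platform's real export format.

```python
from collections import defaultdict

# Constructed policy for illustration; scope and app names are hypothetical.
RISKY_SCOPES = {"mail.full_access", "files.full_access", "directory.admin"}
APPROVED_APPS = {"classroom-quiz", "video-meetings"}

# Constructed sample records; a real review would use the identity provider's export.
OAUTH_GRANTS = [
    {"user": "teacher1", "app": "classroom-quiz", "scopes": ["profile.read", "roster.read"]},
    {"user": "student7", "app": "free-grade-booster", "scopes": ["profile.read", "mail.full_access"]},
    {"user": "teacher2", "app": "video-meetings", "scopes": ["calendar.read", "files.full_access"]},
]
LOGINS = [  # assumed to be in time order
    {"user": "teacher1", "country": "US"},
    {"user": "teacher1", "country": "US"},
    {"user": "teacher1", "country": "US"},
    {"user": "teacher1", "country": "RO"},
    {"user": "student7", "country": "US"},
]

def review_grants(grants):
    """Return (user, app, reasons) for grants to unapproved apps or with risky scopes."""
    findings = []
    for grant in grants:
        reasons = []
        if grant["app"] not in APPROVED_APPS:
            reasons.append("unapproved app")
        risky = sorted(set(grant["scopes"]) & RISKY_SCOPES)
        if risky:
            reasons.append("risky scopes: " + ", ".join(risky))
        if reasons:
            findings.append((grant["user"], grant["app"], reasons))
    return findings

def unusual_logins(logins, min_history=3):
    """Flag logins from a country absent from the user's earlier logins,
    once at least min_history earlier logins exist to compare against."""
    seen = defaultdict(list)
    alerts = []
    for event in logins:
        history = seen[event["user"]]
        if len(history) >= min_history and event["country"] not in history:
            alerts.append((event["user"], event["country"]))
        history.append(event["country"])
    return alerts

if __name__ == "__main__":
    print(review_grants(OAUTH_GRANTS))
    print(unusual_logins(LOGINS))
```

The `min_history` threshold keeps new accounts with no baseline from generating alerts on their first logins.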
4. Education and awareness
Institutions should make it a priority to educate students and staff about the secure use of platforms as part of their protection activity. It is recommended to host regular awareness sessions on phishing and other email attacks so that students and staff can detect fraudulent activity and report it to the relevant authorities. Institutions need to invest in cybersafety education.
5. Using personal devices
According to research by the National Foundation of Educational Research, students can easily access inappropriate material in schools through mobile phones. Other external influences have also been reported to reach students through smartphones. Schools and colleges are required to have clear policies for the use of smartphones on the premises. Students should be taught the correct use of smartphones while interacting with each other on social media and how to report an incident that indicates a cyberattack.
For example, the University of Washington released security awareness tips for students, faculty, and staff for using the system remotely. Here are some major tips.
- Enable automatic updates in the operating system and applications.
- Use antivirus software and enable automatic updates.
- Protect your password; it is recommended to use a password manager.
- Don’t share the password used to access university information and systems.
- Avoid using the “Remember my password” feature when accessing university information.
- Use UW devices and systems when working with UW information whenever possible.
- Avoid storing university information in non-UW devices.
- Delete sensitive UW information downloaded accidentally on your devices.
- Lock the screen when away from the system to avoid unauthorized access.
- Use antivirus software to scan portable storage devices such as external hard drives that contain UW information.
- Use encryption when storing UW information on portable devices such as laptops.
- Use “eduroam” to connect to WiFi on the UW campus and at campuses around the world.
- Faculty, staff, and students can use the “Husky OnNet VPN Service” for connecting to the UW network from remote locations.
- Do not perform private online activity when using public/shared WiFi or computers.
- If devices containing UW information are lost or stolen, report the incident to the appropriate delegated authority.
Educational institutions are relying heavily on ed-tech due to COVID-19, and these trends are expected to continue after the crisis. Schools and universities are required to audit their IT systems to find any vulnerabilities within them. Institutions should prioritize building secured digital infrastructure for the long run to safeguard their systems from cyberattacks.
Piyush Jain is the founder and CEO of Simpalm, a custom software development company in Chicago. Piyush founded Simpalm in 2009 and has grown it to be a leading mobile and web development company in the DMV area. With a Ph.D. from Johns Hopkins and a strong background in technology and entrepreneurship, he understands how to solve problems using technology. Under his leadership, Simpalm has delivered 300+ mobile apps and web solutions to clients in startups, enterprises, and the federal sector.