Cyber Security Threats in Online Schooling and Colleging
With all the talk about washing hands, students need to also think about how to practise good cyber hygiene using encryption, VPNs, software updates and password management. Software that takes over a device can expose the user to spyware, malware or data exfiltration that can compromise health and personal information, or academic research and intellectual property in a competitive field.
With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased, Schools and Universities tend to be quite careful about doing intrusion detection, and putting up fairly sophisticated access controls.
Threat from Zoom Video meetings
Video-teleconferencing platform Zoom has security and privacy issues, prompting Indian Government and later even New York’s Department of Education to ban its use as a digital classroom, Singapore banned teachers from using Zoom after hackers crashed sessions, sharing obscene images and making lewd comments. Yes but in India schools and colleges which charge their student's considerable fees yet use free Zoom and bring the whole family of a student at Privacy risk.
Hijacking control of Zoom calls, also called “Zoom-bombing,” In Chandigarh, when a science teacher was about to begin a lecture on the reproductive system for her Class X students over video conferencing app Zoom. The teacher had recently learned how to use the app from her son. After about 45 students had joined the session, the teacher locked the conference room and stepped out to do a final audio and video test on her son’s computer. While she was away, a pornographic movie began playing on the screen from a student’s screen. It took almost five minutes for the teacher to realize what was happening and rush back to end the session. The victim girl from whose screen the movie was shared has been traumatized due to repeated questioning by school authorities and classmates and is reluctant to rejoin the school after the lockdown ends, just imagine the trauma.
The pandemic era is creating an apparent gold mine for cyber spies, according to an April report co-authored by researchers Bill Marczak and John Scott-Railton, based at The Citizen Lab research centre at the University of Toronto. The researchers found vulnerabilities with Zoom’s encryption and “waiting room” feature, which it had raised with the company.
Screengrab of Zoom encryption in The Citizen Lab's April report. Photo via citizenlab.ca
What Can be done more
It’s often not the technology that fails. It’s teachers and students behaving in ways that put educational institutions at risk by not using a complex password or showing reluctance to using multifactor authentication, These are the kinds of simple behaviours that we emphasize but often aren’t followed across school systems, where sometimes convenience wins over cybersecurity hygiene.
That’s why educating teachers and students is so important, especially with looming budget cuts that may affect spending on security improvements such as firewall upgrades and higher-level endpoint protection, But that training needs to be ongoing and should include everyone in an educational institution. cyber awareness training can cover basics like creating strong passwords, social engineering, social media behaviour and about phishing attacks.
Not just one session at the start of the school or college year, I mean ongoing messaging throughout the year that makes cyber safety a part of the school culture and is embedded in how we teach and how we learn, The key learning piece is that you can’t treat cybersecurity as a one-and-done. It’s not a checklist that you go through, because the next day, the entire environment has changed.