Anyone working in education will forever remember 2020 as the year that turned schooling on its head. According to a UNESCO press release put in late March 2020, over 1.5 billion pupils or 87 per cent of the world’s student population across 165 countries had, at that time, been affected by school closures caused by COVID-19. Australia was no exception. K-12 schools had experienced interruptions in every state and territory, with only 3 per cent of children in Victorian government schools in attendance by late May of 2020. This has meant that most, if not all, teachers across Australia have had to engage in some form of remote education which has given rise to a unique set of security challenges.
This article is not intended as a high-level cybersecurity discussion about the vulnerabilities in a school’s IT network infrastructure arising from teachers working remotely. Rather, it looks at what teachers can do to strengthen their cybersecurity and mitigate the risk of a cyberattack when working from home, whether it be correcting student work, engaging in blended or remote learning or preparing videos of lessons that will be upload and used in the coming days.
Any time a person is working online, he or she is vulnerable to cybercrime. Of course, the education sector is rife with horror stories of teachers whose computer had become infected with malware and began displaying inappropriate content during class. Teachers who fell victim to a ransomware attack resulting in their laptop being locked right before reports were due to be delivered. Today, most cyberattacks result from automated bots scouring the internet looking for vulnerabilities that can be exploited or automated mass email campaigns hoping to get a lucky hit. Cybercrime’s automated nature means that everyone is a target, with education professionals being no less a target than anyone else.
To help illustrate this point, let us quickly review some statistics around Cybercrime.
According to Global Cyber Security Experts ID Agent,
- A cyberattack is attempted every 39 seconds
- 700 million people in 21 countriesexperienced some form of cybercrime
- The damage related to cybercrime is projected to hit $6 trillionannually by the end of 2021
- Ransomware attacks rose 148% in March 2020
- Cloud-based attacks increased by 630%between January and April 2020
- Two in five SMBshave been the victim of a ransomware attack
- More than 80% of reported cyberattacks are phishing
- Phishing attempts have increased by more than 660%since March 1, 2020
- Organised crime gangs account for 55% of attacks
You would be hard-pressed to find anyone in cyberspace who would disagree that cybercrime is on the rise and never more so than in the last twelve months. The Global Coronavirus Pandemic forced untold numbers of teachers worldwide to shift to a work from home model to limit the spread of the virus.
The forced closure of so many schools meant that teachers went from the safety of highly secure and regulated school networks into home environments. If we look at what makes cybercrime possible at its most basic level, it is the fact that most of us are not IT experts. To that end, we will discuss a few necessary steps that will significantly reduce your risk of falling prey to a cyberattack.
We all heard stories of unsecured online meetings being interrupted by unwanted guests in 2020. Whether you use Zoom, Teams, Webex, or some other form of video conferencing platform, the last thing any teacher wants is an uninvited guest interrupting his or her class and potential saying, doing or showing something to a group of impressionable students that might result in issues for students and significant backlash for the teacher and his or her school.
It goes without saying that everyone should be running the latest version of any video conferencing app, with all the updated security enhancements. Beyond that, do not share your virtual classroom’s login details via social media and ensure that students do not share details either. All the best security measure will do little to stop someone who has the meeting ID and participant passcode.
Likewise, if you are using Zoom, do not share your Personal Meeting ID. Doing so is kind of akin to sharing your banking Pin Code.
Familiarize yourself with the security settings of any app that you are using. Examples include keeping attendees in a virtual waiting room so that they can only enter if admitted by the host, ensuring that you, as the host, control screen and file sharing and learn how to mute disruptive participants and disable their video if needs be. Last but by no means least, if you are using Zoom, it is important to know that Zoom has in-meeting chat, which participants can use to message the entire group or each other privately. You can restrict participants’ ability to chat amongst one another while your class is going on and cut back on distractions. Click “Chat” in the meeting controls, then at the bottom of the in-meeting Zoom Group Chat window, click the three dots. From there, you can toggle on options for who can chat with who in your meeting.
Be Mindful of Your Surroundings
We have probably all heard some form of horror story about inappropriate things being captured on video during video classes, such as the poor female student who became infamous during Covid for accidentally taking her laptop into the bathroom without disabling the camera and microphone on her computer. Needless to say, she wasn’t the first and won’t be the last.
Whether you are teaching from home, or recording a video for use in the classroom, be mindful of what is in the background when doing so. Posters with inappropriate language or pictures, housemates or loved ones accidentally wandering through your background in their underwear, last night’s food scraps and leftover lying all over the kitchen counter, whatever it may be. Treat your workspace at home the same way you would at school. Even simple things like personal photos you may not want students to see should be moved out of view of your camera.
Similarly, if you are recording a virtual classroom intending to make that recording available to students after the class, be mindful of what is happening in each student’s workspace. If you see things on the screen in a student’s home that you think need to be removed or not made public, then don’t make them public by sharing the recording.
Lastly, be mindful of who can see your computer. If there are other people around while you are teaching online, be sure to block the sightlines to your laptop or screen so that others cannot hear and see what students are doing.
Phishing attacks are one of the more significant cyber threats to anyone working outside of the school network.
According to Proof Point’s 2020 State of the Phish Report, 75% of organisations worldwide experienced some kind of phishing attack in 2020. Another 35% experienced spear phishing, and 65% faced BEC attacks.
Phishing is a form of social engineering which relies on tricking a person into divulging sensitive information. There are three types of phishing attacks:
- Spear Fishing and
- Business Email Compromise or BEC attacks
On its face, phishing and spear-phishing attacks may seem similar; however, there are some significant differences. Phishing emails, for example, are sent in bulk and easily deployed by those with nefarious intent. Such attacks are generally designed to elicit credit card data or login credentials and are typically a one-time attack.
In contrast, spear-phishing attacks are typically targeted at a specific individual. Because a spear-phishing attack often impersonates someone known to the target, it is more difficult to detect.
Furthermore, thanks to the abundance of available data about most people online, researching a target isn’t particularly hard.
Most experts would agree that spear phishing is most likely the number one security threat facing businesses today.
The importance of backing up cannot be understated. Aside from protecting important work against loss, this is also a crucial strategy for defending against a cyberattack. If you have a properly protected daily back up, you may have only lost a day’s productivity in the worst case. However, once again, you need to ensure your back-ups are subject to the same regular, rigorous virus and malware protection as your computer.
How many of you would be able to name five signs or symptoms that might indicate your computer is compromised?
Here are six sure signs you’ve been hacked and what to do in the event of a compromise.
- You get a ransomware message
- You get a fake antivirus message
- You have unwanted browser toolbars
- Your internet searches are redirected
- You see frequent, random popups
- Your friends receive social media invitations from you that you didn’t send
Should any one of these occur, your first action should be to stop what you are doing immediately and shut down your computer, call your company’s IT manager and report your suspicions. If you don’t have an IT manager, you need to seek a suitably qualified IT professional. This is where that back-up we mentioned earlier will become invaluable.
Coming Back To School
As we return to our classroom, we need to be mindful that devices have been taken out of the school environment, where there were strict control and security measures. You need to exercise extreme caution when reintroducing any device or any files created outside your classroom or school back into your trusted network.
Getting back to work requires a balance. You can’t necessarily stop working or teaching until IT has vetted every machine coming back in. And then what if you are teaching from home part-time. Will IT be required to vet every machine every time it comes back into the school?
One strategy could be to employ technology that enables staff to share ideas and collaborate with students without needing devices to log into the school network.
The InstaShow is a hardware-based solution. It does not require the installation of drivers or other software, which means it works, every time. It also means you don’t need to log in to the school network or have students log into the network. It features WPA2 Authentication Protocol & AES 128-bit encryption in addition to being CVSS compliant while allowing multiple people to all cast to the board at the same time.
The RP Series IFP also has onboard antivirus and malware protection thanks to the use of McAfee software and incorporate the EZWrite cloud whiteboard software, which is proprietary to BenQ, so you can annotate, allow students to log in remotely and mark up presentations in real-time.
Even aside from the security concerns, I find this particular combination creates a great work-flow that is simple, easy, and requires no setup or special knowledge. This is ideal for a school environment because it minimises the chances you will need to wait on busy IT staff and lose precious classroom time.
There is little doubt that remote education presents some unique challenges, but with some common sense, a little training, vigilance and some good tech, the risks are easily managed.
For more information on the BenQ InstaShow RP Series, or InstaShare visit BenQ
Latest posts by Education Technology Solutions (see all)
- - June 8, 2021
- How Safe Are Students Online? - June 7, 2021
- Why Bridging the Cybersecurity Knowledge Gap in Education is a Collective Responsibility - April 29, 2021