COVID disruptions causing privacy headaches for educators


Of all the challenges that COVID-related lockdowns have brought to the education sector, one attracting increasing attention is data privacy. In fact, education was among the top three most breached sectors in 2020, according to a new report released by the Office of the Australian Information Commissioner (OAIC).

With students forced to study from home and teachers relying on audio and video conferencing channels to conduct classes, the opportunities for cybercriminals to steal data and cause disruption have increased dramatically.

While personal data has traditionally been stored within a secure school or campus environment, it is now routinely transmitted and accessed via the public internet and insecure home networks, and held on personal PCs and other home devices.

When it comes to privacy, the implications are significant. Personal data including everything from exam results and marks, to medical details and personal contact information is at a higher risk of being stolen and misused.

Awareness is key

When it comes to maintaining effective data privacy in a remote-learning environment, one of the key steps students and educators need to take is to increase awareness of the issue. Educators should make a point of explaining the risks to their students and give them details on the steps that should be taken in response, without overcomplicating the concept of security. Generally speaking, all you need to explain is that they should remain skeptical, and trust, but always verify.

It’s also important to understand that raising awareness levels is not a one-off activity. Students need to be reminded on a regular basis with practical examples and quizzed to ensure they are following appropriate guidelines at all times.

Privacy awareness and data security need to become ingrained traits that are constantly top of mind. Rather than being an issue that’s deemed to be addressed by an IT department, it must be viewed as the responsibility of all individuals.

Password security

One effective way of improving privacy through better IT security is ongoing management of passwords. Whether learning in the classroom or working from home, educators and students will be reliant on passwords to access centralised applications and information resources.

A challenge arises when the same password is used to access more than one resource. If a cybercriminal successfully steals the password, they can potentially use it to gain access to a range of different systems.

Students and educators should make it a habit to never reuse passwords and change them on a regular basis. Using the same password for both school-related work and personal activities must also be avoided. This will reduce the chance of privacy breaches occurring in other systems being accessed.

Phishing emails

Students and educators should also be aware of the constant threat posed by phishing campaigns which involve attackers sending emails that appear to come from a legitimate source. The emails try to convince recipients to click on a link, open an attachment, or enter log-in details which are then stolen by the attacker.

Some phishing attempts can be very sophisticated with the emails appearing to be authentic. They may seem to have come from a known educator or the school’s administration department but have in fact been sent by a criminal. For this reason, vigilance is required at all times, and ‘spot the phishing email’ exercises are a great way to encourage staff and students to be more discerning in their day-to-day email activity.

Securing personal devices

Students and educators can also improve their personal privacy by ensuring the devices they are using to access centralised applications and resources are secured. One of the first steps that should be taken is a check to ensure all software updates and patches have been downloaded and installed.

Anti-virus tools should also be activated so they can monitor for malicious code. This will reduce the chance of a cybercriminal gaining access to the device and to the personal data it is likely to contain.

Maintaining effective personal privacy is a constant and ongoing challenge, especially in a remote teaching and learning environment. However, by taking this series of basic steps, educators and students will be in a much better position to withstand the threats and keep their personal data secure.

The following two tabs change content below.
Jack Roehrig
Jack Roehrig was appointed Chief Information Security Officer at Turnitin in 2018. He has more than 20 years’ experience in the IT industry and during this time has worked in systems engineering and security roles at IAC Publishing and
Jack Roehrig

Latest posts by Jack Roehrig (see all)

There are no comments

Add yours