Last year, as schools were closing their gates, e-learning cybersecurity wasn’t exactly a top priority for most teachers. In general, when it comes to securing our devices and online solutions, we tend to assume that what we do is usually good enough. Unfortunately, many incidents have disproved this, with dire consequences such as stolen student data and online class hacking.
In this shift to online teaching, many educators were unprepared for these threats. Now, there is a mix and match situation worldwide, with some students taking online classes, hybrid, or returning full time to school.
Read more: 4 Scenarios for the new normal of education
What doesn’t change is that e-learning is here to stay, as the benefits of using an online tool for class activities far outweigh the risks for both K-12 and Higher Ed organizations. This means that e-learning security is essential and will have to get more robust if we want to prevent unwanted situations in our schools.
If you’re worried right now, know that you’re not alone. Many teachers struggle with this, but there are ways to protect yourself and your students against malicious attacks. And it all starts with small and consistent behavioral changes.
Why behavioral change is important for security
Disclaimer: this is not meant to blame teachers and other school staff. Cybersecurity in education is a complicated issue since institutions often don’t have the funds to invest in more secure systems.
However, cybersecurity is also about knowledge and preventing certain individual behaviors, such as clicking on suspicious links. The truth is that most of us aren’t being very careful all the time, even with sensitive information. We believe that these things don’t happen to us, even if we use the same password for all accounts. In reality, 64% of sites have unencrypted passwords, which leaves them very vulnerable to attacks.
Behavioral change refers to small and consistent habits, such as reading and understanding the Terms and Conditions and other policies of any app you or your students might be using. Taking a proactive stance really helps you and your students stay as safe as possible online.
7 Tips for navigating e-learning cybersecurity threats as a teacher
In the following part, we’re going to focus on the top e-learning concerns that most teachers have, and we’re also going to mention a few practical solutions.
Some of these tips require school assistance, but there are also a few things that you can also do on your own. They are:
Secure edtech: Getting professional accounts
The Internet is a great tool, and we’re all for free and/or affordable resources. Seeing how people have rallied up and compiled lists of good resources to use during the pandemic was truly heartwarming.
However, being so used to free software or apps isn’t always a good thing. Free could also have some downsides, such as your and your students’ data being used unfairly. Generally speaking, whenever you pay for something, you can also expect better support and security. If a tool offers professional teacher accounts, you know that you’re using a more classroom-friendly solution that has to comply with specific laws (we’ll get to that later).
So, I know that this isn’t the case for each and every teacher, as many need to look for free alternatives, and that’s that. However, if there is a budget for this, do request professional accounts, at least for some things: learning management systems (LMSs), web conferencing, or an antivirus.
You can also look for discounts for schools or simply ask edtech vendors for a custom offer.
Securing sensitive information: Managing user identity
We’ve all heard of Zoombombing, which many schools and universities had to deal with during the pandemic. Unfortunately, it revealed certain flaws in video conference settings and user management. That’s why authentication is so important. For example, in the LMS, administrators can enroll students to make sure that the right person uses each student account.
Always make sure that you’re only sending the web conferencing links directly to students, using a secure location, such as the LMS. Sending links over Whatsapp, for example, could potentially leave you vulnerable to attacks since it’s easier for hackers to get into group chats.
The other thing is to know exactly what you’re doing with your accounts. For example, Single Sign-On (SSO) is great since it helps you verify the identity of a student. If you’re using your Google account to log in to another system, you don’t have to retype your password.
However, if you’re using your social media account to log in to a platform that you use to create materials or communicate with students, that could mean that hackers could gain access to all of your accounts by simply hacking into your social media one. It’s better to choose a platform with a two-factor authentication option.
Avoiding malware attacks: Insisting on protection for BYOD
Malware attacks are sneaky, and hackers can exploit any security vulnerability. For example, if you or your students use a public Wi-Fi network to access lessons, there’s no telling who set it up and who might gain access to your private data. This is important because some students simply don’t have access to the Internet at home.
On school devices (even mobile ones), administrators can already install antivirus software. However, this becomes trickier when schools have a Bring Your Own Device (BYOD) policy. In some cases, schools can also give extra accounts for these students, which is great.
If not, it’s best to talk to them or their parents directly and inform them about the dangers of unprotected devices. The IT department can also add a security checklist for parents so they know from the beginning what and what not to do.
Plus, if you teach remotely or have no other option than to use public Wi-Fi, make sure you have a Virtual Private Network (VPN) installed.
Breaching privacy laws: Reading the Terms and Conditions
When it comes to privacy laws, each country is different and has more stringent or relaxed requirements. The E.U.’s GDPR is the toughest one, and all schools have to have a Data Protection Officer to make sure that their policies are up to date.
Some schools offer this as part of their professional development (PD) training. For example, under COPPA, the school or district makes decisions about tech that can be used in the classroom, but often, in practice, it’s up to the teachers to make that decision based on their students’ needs.
In the long term, it’ll also help you feel more confident about using said edtech.
Dodge email scams: Learning how to identify them
Phishing is a widespread method that hackers use to gain access to confidential information. Unfortunately, schools are especially vulnerable to this one, and that’s how many security breaches start.
For example, you can receive an email that looks like it could be sent by your school’s admin, but the scammers are using a slightly different email address, so you don’t even notice that it’s a trap. Another way to hack systems is to make you click on fake login pages so they can steal your credentials easily.
Otherwise, you could be downloading software that seems legit, but it’s actually malware.
As a teacher, you have to be careful what links you click on, check email addresses, and consistently report scam attempts to the IT department. They’ll usually issue a warning and prevent other people from getting tricked.
Get help and stay informed: Collaborating with the IT team
In the U.S., more than half of K-12 teachers say that the school didn’t warn them that they could potentially be a victim of ransomware. Ransomware is especially worrying since hackers ask for a lot of money in return for the stolen data. There’s no guarantee that they’ll also leave the system alone since it’s essentially blackmail.
When dealing with cyber issues, the IT department is usually overwhelmed and/or understaffed. That’s why educators have to meet them halfway and work as a team for the good of the entire organization.
Teacher proactiveness can mean asking the IT team to offer advice and send it periodically to the school staff. Usually, the information needs to be updated as the scam attempts get more and more clever. You can also teach students how to navigate these challenges, so at least your online classroom will be safer.
Protecting data and materials: Using secure storage
At the beginning of the pandemic, teachers had to make do with what they could, uploading lessons where it was most convenient. Now that we know what we’re dealing with better and have more time to think, it’s also good to plan for file storage and backup.
This is concerning, especially if you’re using a cloud storage solution that’s not secure enough. For example, there is a difference between using Dropbox as a private person and Dropbox Education for Higher Ed institutions, which ensures that you comply with different laws, including COPPA.
A simple solution can be storing important information and files in your LMS. The platform usually has a Resources library or section. In this way, you are protecting your files better. Additionally, you can share them with other teachers and students or keep them in your private library. If you want a good file backup plan, make sure that your cloud storage solution is a trusted and reputable one, and you might also want to consider getting an external hard drive for extra security.
E-learning security is no joke, as we’ve seen phenomena such as Zoombombing and ransomware attacks rise during the pandemic. As we’re still on shaky ground and can’t foresee future public health threat developments, schools need a solid cybersecurity plan.
In the meantime, teachers can also do their part and ensure that they’re complying with basic safety measures, especially where student data and privacy is concerned.