Volume 18 Digital Issue
Keep Students Protected Online
A string of cyberattacks targeting schools happened in the second quarter of 2020 in the country, just months into the lockdown. The student portals of universities like the Polytechnic University of the Philippines (PUP), Far Eastern University (FEU), and San Beda University (SBU) were hacked, exposing their students’ personal information and log-in credentials. Though reportedly, there was no actual compromise of the sensitive information, the National Bureau of Investigation did launch a cyber-surveillance operation that led to the arrest of the perpetrators.
Overseas, “Zoom-bombing” became rampant, with hackers infiltrating online classes to spill profanities, slurs, and even share illicit material. Cybersecurity specialists identified that the most likely scenario would be students unknowingly sharing the meeting links to these hackers, although it was also possible for attackers to “force links” until they get a meeting ID that works. In response, Zoom updated its security measures and enabled the use of its Waiting Room feature by default for all Basic and Pro users, so users will have to disable it manually should they not wish to use it.
These are just some of the dangers that schools, teachers, and students all face since the increase of internet dependence as a result of the pandemic.
The schools’ responsibility in securing their online platforms
Cybersecurity has been an issue since the advent of the internet. Although measures to prevent cyber crimes have advanced over the years, so have all the ways that hackers can carry out cyberattacks. With the acceleration of the shift to online in the past year, most institutions that adopted online distance learning were caught unprepared to deal with the risks that came with it.
Because of the amount of sensitive information that schools hold through their websites and portals, in particular, it is highly necessary for school administrators to take steps to ensure the safety of their students online.
1. Minimize the data and personal information collected from students.
What’s a simple step schools can take to lower the risk of unintentional or malicious disclosure of sensitive information? Reduce the amount of information collected in the first place. When schools lessen the sensitive data they gather from students, there is no risk of losing that information if a data breach occurs. Assess the information that is being asked from students and determine how necessary they really are.
2. Require strong login credentials from all users.
Contrary to the high-stakes hacking often shown in the media, a lot of cyberattacks happen because passwords used are easy to hack. Enforce a strong password policy for your websites and all your IT systems. Typically, this means requiring all users to create complex passwords with at least eight characters, uppercase letters, lowercase letters, at least one number, and at least one symbol. All users should also be forced to change their passwords at least every 90 days.
IN THIS ISSUE
3. Regularly update and maintain school websites, operating systems, and software.
In July of 2020, Manila Bulletin was able to contact and interview a Filipino hacker group who have scanned school websites for weaknesses and discovered several vulnerabilities that could be breached and exploited. The group found that many school portals have no or expired SSL certificates, leaving these sites prone to attack. Secure Sockets Layer (SSL) certificates establish an encrypted link between a web server and a browser that ensures that all data passed between the web server and browser remains private. Without this layer of protection, any information that students and teachers input in the site or portal can be compromised.
School administrators along with their IT personnel must check and update their sites and systems regularly. Even if teachers and students have strong passwords and are careful with the data they provide, if the back end of school sites and portals is weak, everyone would be left vulnerable.
Because of the amount of sensitive information that schools hold through their websites and portals, it is highly necessary for school administrators to take steps to ensure the safety of their students online.
Teachers’ role in making online classes safe
Aside from these measures that school administrators must take to improve the cybersecurity of their school websites and learning portals, teachers can also implement several steps to protect students in their online classes.
1. Take all available precautions to secure online classes.
If classes need to be held synchronously online, first of all, teachers should make sure to use only legitimate channels. Some video conference platforms are trusted sites that have their own security protocols that can prevent any unwanted presence in online classes.
Meeting links and passwords should only be shared through secure channels, whether in private messaging groups or through personal emails. Take advantage of Waiting Room features so that anybody who enters the virtual classroom can be monitored, and then lock the room once class starts. Make sure that only hosts are capable of screen sharing to prevent anybody from hijacking what the students will see on their screens.
Additionally, there are video conference platforms that have school-specific accounts with security measures specific to student users. Teachers and school administrators should consider investing in these if they use Zoom regularly.
2. Educate students about cybersecurity.
As digital natives who spend a lot of time on the internet, it is important for children to be educated on all the risks and dangers present online. Teachers have a huge opportunity to teach their students how to safely navigate the web.
To start, train students to be more alert about the emails they receive. In the Philippines alone, there was an alarming 200% increase in phishing cases during the pandemic. Phishing involves fraudulently sending emails purportedly from reputable companies to gather victims’ personal information, such as passwords and credit card numbers. Tell students to always check the email’s domain before clicking anything inside the email. Teach them to be aware that there are entities that can mimic the login pages of the school’s online platforms, so they should take a good hard look at the URL before they enter their credentials.
Teach students to be careful about the information they share online through social media platforms and even online gaming. Involve parents in these discussions too, so that they can take measures at home as well.
Cybersecurity experts have always reminded the public as well as institutions to strengthen their cybersecurity and data privacy policies. Now more than ever, schools and educators must exercise more caution when it comes to protecting their students' privacy and information. Following a few simple security practices will go a long way toward keeping students safe online.