Cybersecurity in online learning

Submitted by miranda.prynne on Fri, 30/04/2021 - 09:00
View
Mohammed Rehman explains what steps universities should take to educate staff and students about cybersecurity and how to protect themselves when teaching and learning online
Article type
Article
Main text

When then UK Labour leader Jeremy Corbyn’s plan for free high-speed broadband was presented in 2019 it was seen as “crazed” by some, but then the pandemic hit and we realised that access to the internet should be seen in the same light as electricity – as an essential utility. Access to the internet has been vital over the past year as many were forced to work from home and needed to connect with others.

Schools, colleges and universities across the world had to quickly mobilise resources to ensure continuity of learning for their students, to varying degrees of success. For many this was uncharted territory and inevitably mistakes were made, from unauthorised users “Zoom-bombing” online classrooms and posting abusive messages and obscene images, to inadvertent sharing of information. Our own prime minister was a victim of this, sharing the ID of an online meeting in a tweet.

So, how should education providers navigate the dangers of online teaching to keep their students and staff safe?

Training is key

Many at our university were already working in the online space, so when the pandemic hit it wasn’t a massive change in our daily activities. For many universities, though, the move to online has required a complete overhaul of working practices, the use of dozens of new tools and the sharing of a lot of personal information online – whether through the backgrounds on a Zoom call or the details shared with a tech provider when setting up an account.

We made the move from face-to-face to online very quickly, including a major switch from one online conferencing tool to another. This occurred with minimal disruption because we recognised the need for training to ensure everyone bought in to the change.

There are some key elements that training should cover:

Using the technology

Ensure that everyone understands how the tools work, what features they provide and what the points of failure may be. Zoom is great for getting multiple users in a virtual room, but it also offers polling, breakout rooms and screen sharing – features that are great for encouraging engagement but not familiar to everyone. We conducted our training using the same tools that academics would use, so they felt what it was like to be a student.

Online etiquette and the role of moderation

We all watched with amusement the Handforth parish council meeting that went viral recently, but on a more serious note, such unreasonable behaviour needs to be managed and dealt with in the same way as in a face-to-face classroom. This means ensuring that participants mute themselves so as not to distract the session and intervening when discourse becomes unacceptable.

Adhering to privacy requirements

Ensure that students are not sharing personal or identifying information. This applies not just to what is posted in chat but to webcams. In addition, academics need to check what they have open on their screens: turning on content sharing may reveal that private email you are composing to a student, for example. When creating meetings these links are shared only with our students via our Virtual Learning Environment, not posted publicly. Meetings always have the waiting room enabled so that we can actively manage the session participants and who joins. Allowing only the host to share content also ensures that students can’t share anything inappropriate, along with their email addresses. A multiple screen setup may help here, moving content over and sharing it from a separate screen.

Keeping meetings secure is essential

Using a paid-for version for a tool will give you more options than the free one and gives you more flexibility in terms of number of participants and where recordings are held. We bought a number of additional licences and increased our capacity to hold recordings in the cloud as we ramped up the number of sessions we were running. Students need to understand their responsibilities: it must be made clear they should not share their login details or meeting IDs with others.

Educating users about phishing attacks

Staff and students should be trained in what to look out for to avoid phishing emails that entice people to click on links then install malicious software on their PC or laptop, allowing hackers to hijack the machine. These emails can be very cleverly crafted and even seasoned professionals can fall prey to them if they have been designed to look like they came from colleagues. It is worth equipping staff and students with additional knowledge and tools to spot telltale signs. Institutions should test awareness, with the IT department sending out a test email with a link to see how many blindly click it, and put in place remedial training for those that don’t check the legitimacy of emails.

Having all this training available in an online repository would be helpful. Building it into the induction process for new staff and students at the start of an academic year would be the ideal time to ensure it is delivered.

We can now see the light at the end of the tunnel in terms of returning to the classroom but technology-enhanced learning and online teaching is here to stay in some form. We need to continue being vigilant and protecting our students and staff as we integrate online tools into our teaching.

Mohammed Rehman is head of the School of Computing at Arden University.

Standfirst
Mohammed Rehman explains what steps universities should take to educate staff and students about cybersecurity and how to protect themselves when teaching and learning online