Articles

Op-Ed

Remote Learning’s Hidden Security Risk

By Dov Friedman
April 17, 2020

As K-12 schools move to fully online learning in response to the COVID-19 pandemic, many educators are using free web and video conferencing platforms (such as Zoom) to connect with their students. While this is a worthy goal, the scramble to implement online learning on the fly inadvertently presents schools and their students with an added security risk.

Using Zoom and other online conferencing platforms brings students and teachers together in a way that lets them see each other face-to-face. This type of interaction simulates a traditional classroom environment and helps build a sense of community online. That’s important for keeping students engaged and overcoming the sense of isolation they might feel in learning from home.

Maintaining Instructional Continuity with Video Conferencing Also Exposes Students and Teachers to Security Risks

However, when educators aren’t familiar with the subtle workings of Zoom and other web conferencing platforms, they could be exposing their students to significant security vulnerabilities.

One problem we’re seeing is that the links teachers are sending to their students to join a video conferencing session are public links. This means anyone could join the meeting or video conferencing session, and the teacher would have no way of verifying the identity of participants.

With a non-secured public link, anyone who has access to that link can click on it and join the meeting. Students could send the link to their friends in other classes or even at other schools. Those who click on the link and enter the session can sign in under any name, and the teacher would not be able to tell who’s who. This means students (or imposters) can hijack online meetings and wreak all sorts of havoc, with no accountability.

Zoom-Bombing

This hypothetical scenario is actually playing out in video conferences throughout the nation. In fact, the FBI has warned K-12 administrators of the potential for what it calls “Zoom-bombing” after the agency received multiple reports of educational video conferences being disrupted by pornographic images and hateful or threatening language.

According to the FBI’s Boston office, two different online classes in Massachusetts were targeted in recent incidents. In one, a high school class reportedly was interrupted by an unidentified person who “yelled a profanity and then shouted the teacher’s home address in the middle of instruction.” A second class was said to have been interrupted by an unidentified person who appeared on video while displaying swastika tattoos.

There is a way to create a secure, private link for inviting only select participants to a video conference in Zoom and other free online platforms, but this configuration isn’t easy for new users to understand. If schools will be using these tools to support online instruction for the remainder of the school year in the midst of the COVID-19 outbreak, then teachers will need specific training on how to use these tools more securely and effectively.

Mitigating Risk

Another option is to link these web conferencing tools with a school or district’s learning management system (LMS) using a secure integration platform that generates unique URLs for each scheduled session.

A video conferencing platform that is used for teaching and learning should make it simple for instructors to create an online meeting and invite only students from their class to join. Ideally, this process should require just a few clicks; if it’s too complicated, then teachers won’t use it — and students will lose out.

Imagine if the process for inviting students to an online meeting and verifying their identity when they join were tied to a school system’s LMS or to a single sign-on (SSO) authentication system. Then, teachers could invite an entire class to join with a single click — and when students enter the meeting, their identity is automatically confirmed without even asking them for their name.

Learning Remotely and Safely

This would ensure that only authorized students could enter a meeting, and it would guarantee that instructors know who’s participating. Teachers could hold students accountable for their actions, which would result in far fewer disruptions or inappropriate behaviors.

Video conferencing can be a powerful tool for bringing students and instructors together and ensuring that learning continues uninterrupted during this extraordinary time. But K-12 leaders need to think carefully and take the time to learn how they’ll support these experiences in ways that are safe and secure for everyone, so once this crisis passes, they can continue to teach synchronously online in a safe and secure manner.

Dov Friedman headshotDov Friedman is a co-founder and vice president of business development for CirQlive, which seamlessly integrates leading web and video conferencing platforms (such as Zoom) with a school system’s learning management system or single sign-on system. Follow CirQlive on Twitter.

Featured Image: Philipp Katzenberger, Unsplash.