Don't think that the introduction of quarantine was an opening for hacking educational institutions. Hacker attacks began long before the COVID-19 pandemic and the mass shift to online learning. A year ago, the school district in San Bernardino, California, became the target of ransomware attacks. According to Tessian, the University of Utah and the University of California paid ransom payments of $457,000 and $114,000 respectively to gain access to their systems.

Secondary education institutions (below the college level) are the most vulnerable to hacking. Cyberattacks on schools are cheap for criminals, but it can cost the schools themselves millions of dollars to prevent or recover from them. School districts simply do not have the resources, both financial and human, to handle such attacks.

While cyberattacks on companies and corporations profit hackers, the target of attacks on educational and academic institutions are research programs or easy looting. Some universities are willing to pay a ransom to restore student data or financial transactions, just to avoid being dragged into litigation by the victims. Also, restoring the university computer system can take months, paralyzing not only distance learning but the entire educational process.

The situation with big data is no less sad. The data retained by international telecommunication companies such as Zoom can be used against students. The cameras of the devices through which students use telecom software are of greatest concern.

Concerns About Video Conferencing

Zoom's online video conferencing tool became one of the most popular software for educators in the early days of the COVID-19 outbreak. Data privacy advocates recommend that schools use only the company's educational product, which includes specific FERPA compliance provisions not found in the company's other products.

Parents should consider shutting down their students' webcams unless they actively use the Zoom platform or switch to a similar free open-source product, Jitsi, which does not require an account. There is even a complaint filed by the Electronic Privacy Information Center in 2019 alleging that Zoom activates users' webcams even if they don't use the platform.

At the beginning of this school year, a targeted information campaign was carried out by the New York City government in the local media. Simple rules were insistently communicated to the public to help protect the privacy and safety of the child; for example, recommendations to turn off webcams and computer microphones after online lessons, to hide the child's personal information, not to leave bills or bank statements in front of the webcam, and not to use a device with bank access for distance learning.

Schools have taken different approaches to regulate videoconferencing to avoid violating students' privacy. For example, some schools in the Pollack district prohibit any personal video conversations with students. In the Romayor district, teachers have been instructed to video chat only with "whole groups", not individual students.

What Should EdTech Companies, Students, and Teachers Do?

As the effectiveness of online learning continues to improve, experts have been busy identifying common problems in online learning cybersecurity, causes, and ways to fix them. Here are tips for mitigating major risks in online, hybrid, and distance learning:

1.  Build Digital Trust

Given that higher education may never return to the traditional form, building digital trust is important. An organization's ability to protect digital information is critical in the new academic year, as the primary interaction will take place online. Providers of online learning platforms must ensure the security and privacy of their applications and methods of interaction with users. It is necessary to understand who will work with the software and how, what data will be entered, and how it will be used and shared. Universities should prioritize zero-trust contracts, giving access only to trusted campus employees and students. It is important to know who is collecting data, how and for what purpose, and where they will use it.

2.  Access Management

Distance learning systems must be prepared to address cybersecurity issues. The key point here is access management. Since many students access e-learning systems from multiple locations, universities need solutions that can evaluate both current and old access requests, deny or approve logins, automate incident reports, and terminate connections.

3.  Learning Management Systems

Learning management systems must initially ensure data security and confidentiality. Often the problem lies in securing add-ons to ensure interoperability of learning tools. It's also worth considering vulnerability assessment tools that can identify potential problems with the system before it is massively used in learning.

4.  Protecting Third-Party Services

This section refers to third-party services that process data for universities and the growing number of Industrial Internet of Things devices on campus. This requires both an initial network assessment and the deployment of new infrastructure capable of supporting connectivity to the Internet of Things at any scale. It is important to be able to identify applications and services that contain potential hacking points, to use cloud technologies that work with the connectivity of a variety of devices.

5.  Cybersecurity of University and College

Security for online classrooms is becoming an important task for IT and IS departments at universities. Here, it is first of all necessary to fill the staff shortage and pay maximum attention to the cybersecurity issues; then, distance learning will bring the desired results. Not to mention the rapid demand for data science graduates is only going to increase further with so many new career opportunities.

Security of big data is not given enough attention, but when implementing big data projects, security issues should be considered from the beginning. Otherwise, instead of business opportunities, businesses will get more business risks.

Summary

The protection of big data should be approached comprehensively, taking into account all possible threats to the confidentiality, integrity, and availability of these data. To ensure big data privacy, companies should:

• Use reliable mechanisms of authentication and delimitation of access rights when accessing the data.

• Separate personal data from other data.

• Protect access passwords with encryption or hashing mechanisms and make sure that strong algorithms are used, such as AES, RSA, SHA-256.

• Ensure that all important information security events are logged when processing big data to further investigate possible incidents.

• Ensure protection of data storage and transaction logs, including by using encryption mechanisms.

• Ensure the security of endpoint devices, including mobile devices that handle big data, through the use of antivirus software and mobile device management systems.

• Ensure the protection of server components of systems involved in the processing of big data (firewalling, including application level, anti-virus protection, etc.).

• Systematically conduct training sessions to increase staff awareness when working with big data.