Apr 29 2020

Why Videoconferencing Security Is Essential to Remote Learning

Having the right security and privacy protections in place can help K–12 schools mitigate videoconferencing threats and protect users.

As school districts nationwide continue instruction in a remote learning environment, many educators are using videoconferencing technology to stay connected with students and collaborate with colleagues from a distance.

But videoconferencing platforms don’t come without risks. When a high school teacher in San Diego Unified School District held a video meeting with students on their first day of distance learning, three anonymous individuals took over the call and shared inappropriate messages, The San Diego Union-Tribune reports.

Meanwhile, in Massachusetts, reported incidents of bad actors interrupting video calls between teachers and students prompted the FBI Boston Division to release a warning on teleconferencing and online hijacking, according to the The Boston Globe.

Although these events occurred in the context of the novel coronavirus, it’s imperative for school districts to be prepared to address security and privacy risks when adopting videoconferencing tools, no matter when and where they’ll be using them.

MORE ON EDTECH: Discover how districts are protecting student data during e-learning.

The Security and Privacy Risks Associated with Videoconferencing

With school buildings closed, students, faculty and staff have to rely on other ways to communicate and work together remotely. Videoconferencing is an important piece of that, says Curtis Peterson, senior vice president of operations at RingCentral.

Videoconferencing platforms — which combine messaging, video and phone capabilities all in one place — allow teachers to have real-time interactions with students, as well as foster active participation and engagement among them during remote learning. But working outside of school networks places users in a vulnerable position.

“With organizations being mandated to work from home, hackers are increasing efforts to exploit the vulnerabilities,” shares Scott Gordon, chief marketing officer at Pulse Secure, in an interview with Digital Journal. “Schools and universities that are navigating remote teaching and administration can be particularly vulnerable to malware, identity theft and other security exposures, and cyberthreats have increased the risk of students’ medical and academic records.”

To better protect users and sensitive data when using remote learning tools such as videoconferencing, school districts should be aware of potential security and privacy threats.

Watch Eileen Belastock, director of academic technology for Mount Greylock Regional School District in Massachusetts, discuss best practices for ensuring data privacy during e-learning.

Security risks during videoconferencing include outsiders gaining access to meeting rooms and disrupting them, Peterson says. Infiltrators can take over screen-sharing features and share inappropriate content with meeting participants. Cyberattackers can also target users with malicious links disguised as conference links to steal personal or confidential information, inject malicious code into installer programs and even control a user’s webcam and microphone.

In terms of privacy risks, users must be aware of what data vendors are collecting and maintaining and how they’re using it. Peterson also warns educators about recording their virtual classes without consent. Many videoconferencing platforms come with recording features that allow teachers to archive lessons and share them with students who may have missed their class or need to refer back to it.

“But you cannot share those videos with another class, a different age group or another school,” Peterson says. “You can’t be posting them online, and you can’t be sharing them through open-link technology if you’ve not gained permission from all parents in the class to have their students’ images distributed.”

An unsecured videoconferencing solution makes K–12 schools vulnerable to cyberattacks and threats. With some platforms, districts may not even be able to guarantee that student data won’t be shared, sold or stolen.

Here’s how school personnel can best protect users during videoconferencing.

1. Choose the Appropriate Platform for Your District

When it comes to using videoconferencing platforms for remote learning — or any kind of technology product, for that matter — K–12 educators need to stick with tools that are developed for educational uses.

“Tools that are developed for general audiences or workplaces are not designed, most likely, with student privacy laws in mind,” says Amelia Vance, director of education privacy for the Future of Privacy Forum, in a recent webinar on student privacy and safety during online learning.

Therefore, it’s crucial for schools to assess their current videoconferencing system and make sure it complies with regulations such as the Family Educational Rights and Privacy Act (FERPA), which prohibits schools from disclosing personally identifiable information from students’ education records without getting parental consent first.

Vance explains that the “school official” exception under FERPA is what lets schools use online educational services from third-party vendors. But before they can use them and share student information, Vance says they need to ensure that the provider meets several requirements; for example, “fulfilling an institutional service or function that the school would otherwise use its own employees for” and “being under the school’s direct control” in terms of how the vendor will use obtained records.

There’s also no one-size-fits-all solution when it comes to videoconferencing because school districts use different methods for remote instruction and have student populations with varying needs.

Therefore, it’s important to identify why and how educators will be using videoconferencing tools — whether it’s for live online instruction or just to check in with their students. For instance, some classes may benefit from a virtual whiteboard feature, while others may want a platform that can assign teachers a phone number with their account. Schools should also document policies around those uses and communicate them with students, parents and any other school personnel, according to a Consortium for School Networking (CoSN) brief.

READ MORE: Learn how to prepare and support educators teaching from home.

2. Take Advantage of Security and Privacy Controls

The good news is that securing a video meeting is relatively simple, Peterson says. Most videoconferencing platforms have features — from data encryption to multifactor authentication — that can protect against cyberthreats and ensure privacy online. But IT administrators still need to ensure controls are sufficient for how their school’s teachers and students will be using videoconferencing technology.

One key feature that can prevent outsiders from jumping a call is password enforcement, Peterson says. Platforms such as RingCentral Video, Zoom for Education and Cisco Webex allow users to set up meeting passwords for unique meeting room IDs which participants will need to enter before they can join the meeting.

Platforms with tight administration controls can also keep video meetings safe for teachers and students. For example, Google Meet and Microsoft Teams have controls that assign meeting creation privileges to teachers and staff members and allow meeting creators and calendar owners to approve requests made by external participants to join a video call. Some platforms let hosts lock their meeting rooms, which prohibits anyone else from joining the video call.

Peterson also advises IT staff to check administrator logs to track video meeting activity within schools. This allows them to see usage data, such as when a user starts a meeting, who is joining a meeting and where they are joining from. Plus, school districts should look into adopting platforms that have gone through third-party audits to further verify their security, privacy and compliance controls.

DISCOVER: Watch how Microsoft Teams helps schools facilitate remote learning. 

3. Teach and Follow Good Cyberhygiene Practices

Another key defense to security and privacy threats during videoconferencing is having good cyberhygiene, Peterson says.

For example, users who are on platforms with password enforcement features must create strong and unique passwords for each meeting and make sure those passwords are stored and shared securely. Also, meeting hosts should always check who is in the participant list before starting and ending the meeting.

Students, teachers and other school staff should also be taught how to behave appropriately during videoconferencing, Peterson says. That includes reminding educators about data privacy laws and teaching them how to use host controls such as turning off a participant’s camera or microphone and removing a participant from a meeting.

Overall, users and administrators should think of their online classrooms as they would their classrooms at school, Peterson says. “There are people who can come into the classroom, and then there are people who should never be in the classroom,” he says.

Halfpoint/Getty Images