Safely Use Immersive Tech with Help from Security Tools
If schools are going to host these tools on their networks, they should treat them like any other technological device and vet them before giving them access. Bad actors can hijack immersive tools to backstep into a school’s network and gain access to private information that lives in places such as student information systems.
Schools should consider installing endpoint detection and response software that can monitor and detect anomalies and then lock down any tools — including immersive tools — that pose a threat. Schools should also ensure that all of these devices are behind firewalls and that they are locking down ports and locking down access.
Secure Account Habits Protect Student Data in Case of Cyberattacks
Schools must set up student accounts in such a way that even if the accounts were infiltrated, students’ information would remain safe. That might mean not using students’ last names or sharing their addresses.
If educators are using a VR headset, for example, IT could configure the headset so that it locks every hour and forces new users to sign in to use it. This might seem a bit extreme. However, nefarious things can happen when schools allow unfettered access to any school-issued device; for example, unregistered users can go into someone else’s account and assume their identity for cyberbullying or engage with inappropriate materials. IT staff should also have a master list of passwords so they can access these devices and programs if needed.
Technology and Configuration Audits Can Ensure Device Security
Consistent technology audits are always a good idea. Once these tools get into the hands of our students, we may not always be aware of what programs they are using. Students are curious, and even if they are using learning components from National Geographic, they could also just as easily be using school technology to play a video game.
Periodic reviews can make IT and teachers aware of when a student is using a school device in an inappropriate manner and help them lock it down. Similarly, configuration audits can ensure that devices are properly secured and set proper user permission levels.
Such audits should also prompt schools to update their policies so that only administrators can download new programs onto school-owned devices.
Include Immersive Technology in All Incident Response Plans
Unfortunately for K–12 schools, a cybersecurity incident is not a matter of if, but when. In a recent Sophos global survey, 80 percent of K–12 respondents reported being victims of a ransomware attack in the past year.
With this information in mind, schools should update their incident response plans to reflect immersive technology use. Having a documented plan of how to prepare for an incident involving these types of technologies will mean IT can take quick action when needed.
Develop Student Data Privacy Policies Compliant with Federal Laws
Student information always needs to be protected first because it’s the last virgin information on the planet. If a student gets their information stolen or if someone uses a student’s identity, we probably won’t know about it until after they turn 18 and start collecting on their credit scores. So, keeping information private for their physical, emotional and financial safety is very important.
Under the Family Educational Rights and Privacy Act, schools are obligated to protect student data, which means they must limit the amount of data they share with third parties. As part of creating a safe learning environment, some schools have developed student data privacy policies that comply with FERPA for their IT vendors and other third parties.
Restrict Student Access to Immersive Tech to Responsible Users
Schools have a responsibility to keep children safe while they are at school. One way to do that is to reduce the likelihood of them unknowingly sharing sensitive information with outsiders. More schools are creating digital citizenship curricula that teach students how to safely navigate the internet.
Schools should also create an agreement that students and parents must sign before they start using these tools. The agreement should cover topics such as not sharing passwords, not cyberbullying and not using the device inappropriately, and should include consequences for breaking the agreement.
Inform Parents of Their Right to Choose What to Share
In addition to signing a behavioral agreement for their student (s), parents should also be informed about how their child’s information could be used on these immersive technologies, especially when it comes to privacy.
According to research published in the International Journal of Computer-Supported Collaborative Learning, “[extended reality] technologies open up a range of learning affordances through their ability to immerse learners in digital worlds and to track learners’ body movements on digital displays.”
Knowing this, parents should be properly informed of what kind of information immersive tech might retain. Some parents may not be comfortable with their children being in the metaverse, for example, and using avatars that look like them. Others may be okay with sharing only their student’s first name and initial on these platforms.
Schedule a Small Test Before Giving Immersive Tech the Greenlight
Bringing immersive technologies safely into schools will be a learning experience for everyone, not just for teachers and students but also for IT teams. Some educators take extra precautions and download the programs onto headsets so students don’t use them live on the internet. Other schools might access immersive technology exclusively on laptops, and this may mean giving students live access to the internet.
However, the smartest approach for introducing any kind of technology, no matter the type, is to conduct a small test. Schools can have five to 10 students try out new immersive technologies for a month. This will allow IT to see what issues pop up and give them time to make corrections or adjust configurations. These tests shouldn’t end with a breaking-in period. Schools need to constantly learn from their technologies so they can be ready to face any security challenges.
This article is part of the ConnectIT: Bridging the Gap Between Education and Technology series. Please join the discussion on Twitter by using the #ConnectIT hashtag.