An unsecured videoconferencing solution makes K–12 schools vulnerable to cyberattacks and threats. With some platforms, districts may not even be able to guarantee that student data won’t be shared, sold or stolen.
Here’s how school personnel can best protect users during videoconferencing.
1. Choose the Appropriate Platform for Your District
When it comes to using videoconferencing platforms for remote learning — or any kind of technology product, for that matter — K–12 educators need to stick with tools that are developed for educational uses.
“Tools that are developed for general audiences or workplaces are not designed, most likely, with student privacy laws in mind,” says Amelia Vance, director of education privacy for the Future of Privacy Forum, in a recent webinar on student privacy and safety during online learning.
Therefore, it’s crucial for schools to assess their current videoconferencing system and make sure it complies with regulations such as the Family Educational Rights and Privacy Act (FERPA), which prohibits schools from disclosing personally identifiable information from students’ education records without getting parental consent first.
Vance explains that the “school official” exception under FERPA is what lets schools use online educational services from third-party vendors. But before they can use them and share student information, Vance says they need to ensure that the provider meets several requirements; for example, “fulfilling an institutional service or function that the school would otherwise use its own employees for” and “being under the school’s direct control” in terms of how the vendor will use obtained records.
There’s also no one-size-fits-all solution when it comes to videoconferencing because school districts use different methods for remote instruction and have student populations with varying needs.
Therefore, it’s important to identify why and how educators will be using videoconferencing tools — whether it’s for live online instruction or just to check in with their students. For instance, some classes may benefit from a virtual whiteboard feature, while others may want a platform that can assign teachers a phone number with their account. Schools should also document policies around those uses and communicate them with students, parents and any other school personnel, according to a Consortium for School Networking (CoSN) brief.
2. Take Advantage of Security and Privacy Controls
The good news is that securing a video meeting is relatively simple, Peterson says. Most videoconferencing platforms have features — from data encryption to multifactor authentication — that can protect against cyberthreats and ensure privacy online. But IT administrators still need to ensure controls are sufficient for how their school’s teachers and students will be using videoconferencing technology.
One key feature that can prevent outsiders from jumping a call is password enforcement, Peterson says. Platforms such as RingCentral Video, Zoom for Education and Cisco Webex allow users to set up meeting passwords for unique meeting room IDs which participants will need to enter before they can join the meeting.
Platforms with tight administration controls can also keep video meetings safe for teachers and students. For example, Google Meet and Microsoft Teams have controls that assign meeting creation privileges to teachers and staff members and allow meeting creators and calendar owners to approve requests made by external participants to join a video call. Some platforms let hosts lock their meeting rooms, which prohibits anyone else from joining the video call.
Peterson also advises IT staff to check administrator logs to track video meeting activity within schools. This allows them to see usage data, such as when a user starts a meeting, who is joining a meeting and where they are joining from. Plus, school districts should look into adopting platforms that have gone through third-party audits to further verify their security, privacy and compliance controls.
3. Teach and Follow Good Cyberhygiene Practices
Another key defense to security and privacy threats during videoconferencing is having good cyberhygiene, Peterson says.
For example, users who are on platforms with password enforcement features must create strong and unique passwords for each meeting and make sure those passwords are stored and shared securely. Also, meeting hosts should always check who is in the participant list before starting and ending the meeting.
Students, teachers and other school staff should also be taught how to behave appropriately during videoconferencing, Peterson says. That includes reminding educators about data privacy laws and teaching them how to use host controls such as turning off a participant’s camera or microphone and removing a participant from a meeting.
Overall, users and administrators should think of their online classrooms as they would their classrooms at school, Peterson says. “There are people who can come into the classroom, and then there are people who should never be in the classroom,” he says.