India at large was never seen as a country that had invested into online mode of education at the School level, though the graduation level did have limited implementation of IT and ICT services as eLearning or online learning modes. The schools in India, were taken by surprise when the Corona Pandemic forced them to go online in their modes of imparting education. The schools were already struggling with the inevitable incorporation of IT and ICT as also the threats due to Cyber Security and Cyber Safety; and it is then that they have been thrust with the need to go completely online to keep the process on education or academics going. Notwithstanding the vulnerability that were prevalent on the cyber domain, the schools in India were on the path of adopting an IT enabled education system. Today, many schools are ill-equipped to securely migrate to a completely digital learning experience, so it comes as absolutely no surprise that these vulnerabilities are so prevalent, especially when there are no fall-back options for schools to initiate a conventional form of education to students. This phenomenon is not restricted only to Schools but also to the innumerable Graduation courses in the country.
While many educational institutions and businesses continue to maintain online instruction for the fall due to the pandemic, Cyber experts have been warning that the online learning structure will make students and families increasingly vulnerable to cyber-attacks. Especially when the Indian population is less literate on the Cyber Safety front.
The use of online meeting applications, like Zoom, Google Meet, Google Classroom, Skype, Microsoft Team, Webx, etc are on the increase, so is the threat from all these applications. And many the crime while using these applications are due to mismanagement of the complete ecosystem. Zoombombing, was a reported threat that had threatened the student community as early as March 2020. (Zoomboming is also called Zoom raiding and this is an act of unwanted disruptive intrusion, generally by Internet trolls and hackers, into a video conference call)
It is but a fact that Large-scale online learning was implemented in a haste manner in institutions across the country due to the sudden disruption of traditional in-classroom activities by the Covid-19 pandemic, leaving campus networks open to vulnerabilities. Since COVID-19 struck the conventional education system in India, those responsible for IT in schools have been found shopping applications/hardware/service providers, so as to facilitate the continuation of business. The security experts at these schools, are also making endeavour to patch ‘all the things’, prepare for disaster recovery, business continuity, conduct third-party and vendor risk assessments, create cyber security incident response plans, write new policies and procedures, source equipment, ensure everyone has a VPN (Virtual Private Network) ready to go, having password policy, adoption of MFA (Multi-factor Authentication), and monitoring the increased internet traffic as everyone studies remotely. But it should be remembered, that Cyber Hygiene, both at the service provider end and the user end, is not a thing that will come naturally and is a process that involves awareness and practice.
Unfortunately, it’s too late to help us during this current pandemic but cybersecurity should be embedded into the school curriculum, atleast from now on. If we as a community, were to start with foundational aspects then build on it each year throughout school and higher education, we would be in a position of strength to combat the threat and ensure safety to our children, for whom this online mode will be now be part of the new life-style for the next generation. Parents will also have to educate themselves with the knowledge to protect themselves and their children, both at home and workplace against cyber threats.
Cyber Secure India, proposes to suggest some basic actions that need to be adhered to ensure a safe experience both for students and parents while adopting the online means of education in this post Covid-19 Pandemic era:
- Use a device that is secure, ensure that the gadget or device being used is optimised to load the current software that is not ‘End of Life’. An upgrade to hardware to cater for the utility software should be made. Obsolescent hardware should be done away with.
- Avoid use of those gadgets and devices that are used by elders or parents for secure transactions or work, for the purpose of online education of children.
- Install a legitimate software, that is still supported by the OEM, or use those that has shelf-life remaining.
- Install security software like anti-virus or firewall, etc
- Use an account that is other than admin account while going online.
- Remember to login to an online service with complete security turned on. Subsequently, on establishment of trust, the features can be allowed or disallowed on review.
- Always start a session on the learning portal or application with the camera and microphone turned OFF. (subsequently the facility can be turned ON as per requirement)
- Use passwords and multi-factor authentication
- Update the operating system at the earliest.
- Use a browser that is secure and access the same with all the privacy and security settings turned ON.
- Update all software including applications that are being used while being online or those installed on the computer/ device.
- Always install any required application downloaded from legitimate store or from authentic sites.
- Verify all links received on email or from social media, before clicking on them.
- Do not share sensitive information and those that are confidential unless the domain is trusted.
- Ensure that the site and the browser is secure prior to passing sensitive information. Check for “https” protocols while performing financial transactions or while using login credentials.
- Sharing of files on cloud services should be based on limited access or it should be done to those on locked IDs.
- Never open multiple tabs and also avoid concurrent opening of secure websites or pages related to finances, while on online mode of learning schemes.
- Remember to logout any online classroom or application after you have finished with your online learning portal.
- Avoid accessing emails or confidential websites when on online eLearning mode/activity.
- Always use a secure connection and a trusted broadband/WiFi connection. Avoid using public WiFi.
There have been reports that the number of student victims to cybercrime has increased by over 30% since January 2020, after the number of online students have been found to be increasing. The rapid move to online teaching and learning as a means to curtail the spread of COVID-19 has exposed many schools and universities to greater risk of cyber-crime. The phenomenon of APT or Advanced Persistent Attack has also been on the increase. (Advanced Persistent Threat (APT) Cyber Attack, uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences)
Schools and Parents have to ensure that their children/wards are safe on the web, as they take the new advantage of the online mode, which is otherwise inevitable during this pandemic scenario. If in doubt about the cyber risk that is prevalent on the child or student online, parents/wards or the school management should seek professional advice. It is also advised to prepare a Security Manual at all levels and maintain a checklist or a adhering to a published/prepared safety guideline, while using the eLearning or Online mode for education. The teachers and school management should also devote some time to Cyber Security and Information Awareness aspects when they are online with the students and also with the parents.