Microsoft’s Global Threat Activity Tracker detected almost 90 million cyberattack encounters worldwide within the last 30 days, with the education sector facing the maximum at 60% of all attacks. Although now almost a truism, it is still important to note that the pandemic has hastened the shift to online education. Cybercrime, whether in the form of data theft, phishing, ransomware (publishing a victim’s information unless a ransom is paid), or even cyberbullying, is become more prevalent within the education ecosystem, impacting schools, teachers, and most significantly, students, who are largely minors.

Global Threat Activity

At the level of the individual, cyberbullying remains a grave concern. Last year’s horrifying scandal around the Bois Locker Room group chat on social media sparked a conversation about the gendered vulnerabilities and safety of students online. The case left Indian society – including individuals, social media companies, lawyers, and others – walking on a tightrope on the debate of online privacy versus misogyny and accountability. While some argued that the chats were private, others argued that they constituted undeniable sexual abuse and thus were criminal. While women have been subject to the same kind of violent language over generations, it was coupled with a false sense of online invisibility and thus a lack of accountability. Strong privacy tools like encryption are essential for everyone who uses the internet, but even more so for women and other socially marginalised communities who face greater threats to their rights. To read our dedicated article on cyberbullying, please refer to the July 2020 issue of our monthly newsletter for teachers, “Teaching as Lifelong Learning”.

At the institutional level, while digital learning has incredible benefits, it has brought with it a whole host of cyberattacks, making it imperative to strengthen system defences. Learn-from-Home almost universally meant ‘bring your own device’ or BYOD, thereby rendering an institution’s cyber-security infrastructure largely inapplicable. “Zoombombing,” an unwanted disruptive intrusion into zoom calls, became part of our lexicon during COVID-19 and highlighted the weak security measures of the digital tools we use daily. Further, the news of over a thousand Indian schools suffering cyberattacks exposed the gaps in our policy plans to deal with them. One of the most common forms of attack is Distributed Denial of Service or DDoS, costing victims up to $40,000 per hour while incurring a cost of only $40 to the attacker. These are malicious attempts to flood a server with surrounding internet traffic, thereby disrupting its normal functioning and overwhelming the target. As a result, students and teachers are denied access to educational resources. In August 2020, DDoS attacks hit a record high in India, as per a study by the global cybersecurity firm Radware. Even younger K12 students face threats to their data privacy as an increasing number of students sign up for classes on EdTech platforms, some of which have been prone to data breaches, with data of millions of students sold on the Dark Web.

So, we must ask: What can we do to prevent these various forms of cyberattacks on our students and their institutions? Investing in cybersecurity, no matter how big or small the institution, is vital in the digital age. Anti-virus systems and firewalls are still relevant for individual devices, enabling two-factor authentication is increasingly recommended, and a robust policy needs to be in place. But the first step is awareness. Unless the entire ecosystem of teachers, students, parents, and staff are aware of the nature of attacks and the extent of damage they can unleash, even detection will be difficult. Students must understand the value of staying safe online before being taught the operating mechanisms. Taking precautions to recognise signs of phishing, fraud emails that mimic business ones, or unauthorised access or making sure passwords are strong can stop major breaches from occurring. As part of Schoolnet’s pedagogical offering, the competency-based course on “How to Teach Effectively Online” features two important modules on cyber-safety and security precisely for this purpose.

As schools and colleges continue to either remain online or move to blended learning, cloud-based security also becomes necessary. Experts also recommended taking a layered approach – this means linking the users, applications, and infrastructure for a more holistic security policy. Cloud Access Security Brokers (CASBs) act as an intermediary between users and cloud service providers, also allowing an extended reach of policies from on-ground to the cloud. This will ensure better security of critical data – including student’s details, financial information, teacher’s data etc., as well as a mandate to meet compliance requirements. Cooperation between the HR and IT teams at an institution can ensure better monitoring of who enters the system – both offline and online. We also need a system of sharing best practices for education cybersecurity, investments in training all stakeholders in its use, and upgrading of both hardware and software to maintain the highest level of safety for the most vulnerable population – school students.

Therefore, cybersecurity being a multi-dimensional concept is important for anyone who uses the internet – which today, is 45% of the population. With e-learning booming, the education sector stands in the face of looming threats unless adequate precaution is taken. This means involving every actor in the ecosystem from parents, students, and teachers to the administration, video-conferencing companies, and specialists in cybersecurity. In addition to the extensive financial damage, cyberattacks cause worry for theft of personal information and the individual right to privacy.

Cyber Scuirity

Devika Chandra