The increased use of online learning and meetings has prompted a rise in concerns about cyber security, but there are concrete things school leaders can do to protect their students and staff.
Some recent incidents hit close to home. Earlier this month, a Milwaukee Election Commission Zoom conference call was taken over by nefarious users, causing the meeting to be shut down. During the call, pornography, racial slurs and insensitive images appeared. Milwaukee’s ABC TV-channel 12 reported that an imposter posed as Zoom tech support, only to cause more havoc.
Cyber experts call this being “Zoom bombed.” They say the chaos was caused because the commission publicly posted the meeting ID and access code, thus allowing an open door for bad actors.
Schools are not immune to Zoom bombing or hacking. Colleges have reported unauthorized visitors entering online classes and meetings and displaying inappropriate images or uttering racial or sexist slurs.
The New York Public School District has ordered its schools to stop using Zoom, and move to other platforms that better ensure student privacy and safety.
Steps You Can Take to Keep Remote Learning Safe
- Always set your meetings to private, not public.
- Never publicly post the meetings ID or access code.
- If you are hacked, shut the meeting down and start a new one. Do not reuse the same meeting.
If you continue to use Zoom, here are some specific steps you can take to protect your students, according to an FBI Zoom security memo:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.