The COVID-19 pandemic has affected us in ways that we didn’t foresee, and some of the most notably affected are teachers and parents. Teachers are more than necessary employees and are being forced to completely turn their lives upside down to continue education. With school and daycare closures, parents are not only juggling how to work from home but also transitioning their children to a remote learning schedule too.
When chaos arises and fear abounds, people start to take shortcuts just so they can manage, and one of the first things that is overlooked is security. Security is often seen as a roadblock rather than a necessity, and in this time of vastly increased online communication security has to be top of mind – especially for teachers and parents. Education has always been a target for cybercriminals because of the open “knowledge-share” mindset, and it’s only getting worse through this crisis.
One great thing we’ve seen come out of this is how the community has banded together to help our fellow humans, and in the spirit of that, I’ve pulled together some tips for teachers and parents to help keep themselves and the children they are teaching safer online during this time.
Teachers:
First and foremost, if you are concerned about something – ask your IT and security team before doing anything. Please do not try to find workarounds – there are reasons why protocols are in place. I understand this can be frustrating, but hackers are running more rampant than ever and your actions can directly affect the online safety of a child.
A lot of these tips somewhat feed into each other. I’ve broken them out to make sure you have every option spelled out possible.
- Use credible conferencing services for classes instead of social media as much as possible.
Services like Zoom and WebEx are created for enterprise-grade videoconferencing, which means they have to abide by strict security regulations such as encryption levels and HIPAA compliance. They also have more secure functions within the meetings that can help ensure only people who are supposed to be there are there. If you *have* to use Facebook – make the group private and unsearchable. If you need assistance doing this, check out how to do that here.
- Make sure you have the waiting room set up correctly.
Since you will be using this format for most of your meetings with children, fellow teachers, and parents – it is incredibly important that you have the waiting room set up. This ensures people can only join the meeting if the host (you) has started the meeting. If you are discussing sensitive information on that bridge and someone who isn’t invited joins that meeting, you could be sharing confidential information to other students and parents. Not to mention, it’s just annoying to have the meetings overlap.
- Use a unique conference ID for each meeting.
Most conferencing platforms have a feature like “My Personal Room” which is the same link and code for ease of recurring meetings. While this is tempting to use – the problem is once someone has that link, they can join it at any time. If this is not an option for you, abide by tips 4 and 5.
4. Require a passcode and change it for each meeting.
When you are setting up a meeting, whether it be 1:1 or the whole class, go into the settings and require a passcode to enter. Share the code through a verified channel (like in the email invite or via phone to the parents). This makes sure only the people who were invited are at the meeting. Change these passcodes for each meeting so they can’t be reused!
5. Lock your meetings.
Once everyone who needs to be in the meeting is present, lock the meeting. This also ensures that only invited people can join. Could also be interesting from a tardiness perspective too – it’s like locking the virtual classroom door for latecomers!
6. Only use school verified platforms for sharing assignments and feedback.
You’re more than likely already utilizing tools like Google Classroom or Blackboard to manage assignments – and if you aren’t, you probably will soon. Keep using these platforms, and only these platforms. It can be tempting to use personal storage sharing in times like these (such as iCloud or Dropbox) but avoid using these unless they are managed by the school’s IT team. If proper privacy controls are not in place, you could be providing access to your personal files unwittingly. You could also be utilizing a “tool” that is compromised and downloading malicious content which puts you and the children at digital risk.
- Alert the parents through a verified channel when you are sending out links.
An easy way for an attacker to gain unauthorized access is by pretending to be a trusted source – aka you. If you are starting to use a new platform (especially one that requires a download) alert them so they know it’s legitimate. This will help ensure programs that need to be installed will be done in a timely manner as not to disrupt learning, but also done in a safe way.
There are many more tips that are important for safe remote working, you can see a good example of that here. If you have any questions, feel free to reach out to your IT team and other people who are in security to make sure you are staying protected.
Parents:
First and foremost – if something seems a little off, ask before you click or download. It is better to be safe than sorry – with so much of our lives online, these exposures can have drastic consequences. Especially if you are using personal devices to connect your child to online learning, without utilizing good security hygiene you could be putting your and your child’s data at risk.
- If you don’t have one already, get a webcam privacy cover for every device.
Laptops, tablets, even phones, it’s best to keep your camera covered when you’re not using it. This can not only help avoid embarrassing moments, it is also a good privacy tool against malicious actors who have hacked into webcams. You can find them on Amazon, here is a good example. Pro-Tip – if you have a Macbook, regular privacy screens can damage the touchpad and prevent it from fully closing. You’ll want to get an ultra-thin magnetic one like this one here. A quick fix also is using duct tape or a post-it to cover the camera if you cannot get an actual cover.
- Always, always, always double check the sender before clicking or downloading anything.
If you or your child gets an email that is prompting you to click or download something, double check to be absolutely sure it is a verified source. If you are even the slightest bit concerned – ask! Give the teacher a call or text to verify they actually sent it. If your child receives an email that is “from” your child’s school or teacher and is actually not, report it to the teacher and/or the school’s IT department immediately, and warn your fellow parents. Furthermore, if you or your child clicks on something on a school-managed device – report it to the teacher and/or the school’s IT department. If this happens on a personal device, contact your trusted IT support for guidance.
Some tips for finding phishing emails are:
- Spelling errors
- Strange sentence structure
- Emails with “urgent action required” or some other call to action
- Email domains that don’t match the name (Ex.: gooogle.com instead of google.com)
- Saying “Dear Parent” or something similar instead of using your name or your child’s name
- Asking to confirm personal information via email or forcing you to their website
- When using videoconferencing, be sure there is no personally identifying information in the frame.
This one is important, especially since we have seen lots of photos of teachers and parents taking photos of the video chats and posting them on social media. Before you join a videoconference, double check that there is nothing in the frame that could give away information like your address, apartment complex, or other personally identifiable information. Best case scenario is to have the camera facing a nondescript background. Avoid things like the camera facing windows that are open where street signs are visible, etc. This is also a good tip for any posts on social media.
- Follow the school’s online safety recommendations.
If you have gotten an email from the school’s administration with suggestions for security tools to implement (such as multi-factor authentication, password manager, antivirus, and VPNs) do this sooner rather than later. Even if they haven’t – they’re important to have in place in general.
- Check out general child online safety tips.
There are several blogs that are around this, but with all the additional time spent online – it’s good to set up very specific guidelines for internet safety. Here is a very comprehensive blog on the topic.
The most important part of all of this is to be vigilant. It’s easy to find workarounds to make our lives easier – but with the situation going on in the world it’s more important than ever to be mindful of our online activity. Remember, if something seems off – it’s always better to ask.