Stay safe. Stay smart. Stay skeptical.
During the COVID-19 pandemic, without online platforms such as Zoom, Skype, GoToMeeting WebEx and others, there would be no real means to provide public education with visual interaction and accountability. As the educational world has moved to remote settings for classes and meetings, there are both pros and cons to this necessary measure—it allows the ability for educators to communicate with their students throughout the day, but also creates certain threats and risks.
We have already witnessed many issues and disruptions in remote learning. Beyond usual classroom behavioral disruptions, the much more serious threat is coming in from outside the classroom through what has become known as “Zoombombing,” or when outside parties seek to disrupt Zoom or other online chats and gatherings with potentially harmful behavior. These types of attacks have been occurring at an alarming rate and are threatening to the educational community.
These attacks are the kinds of incidents that could ruin careers or institution’s reputations. There have been cases across the country in which educators or specific institutions are being targeted—when these meetings are left “open,” they allow uninvited attendees to enter, listen and potentially take control. The largest risks to these threats are reputational loss and leakage of data/information; many of them have been disrupted with inappropriate postings or outbursts, and since all meetings can be reproduced if needed, this creates a large vulnerability for educators.
The threat to the institution comes when there are multiple “attacks” in which numerous classes are interrupted and it becomes recognized in the media. In this unprecedented time when college prospects are having to do virtual tours and deciding their future from afar, these incidents could have a major impact on a student’s decision as to where they will spend their college days. This reputational loss may lead to a significant impact on the economic health of a college/university; while awareness of “Zoombombing” is increasing, without proper security measures, student recruiting efforts could go to waste.
If an educational institution does not take the proper security measures, confidential or private data could be leaked, especially from presentations during screen-sharing or if the meeting is recorded. Leaking of this information can be used as blackmail (similar to a ransomware attack for either money or leverage) and can further harm an institution’s reputation. If the information displayed during a virtual chat involves proprietary documents, hackers could gain control of it and a further risk could ensue, causing serious long-term harm.
The unfortunate reality regarding those who seek to cause harm in this way is there is plenty of information widely available that can basically provide a playbook on how to execute one of these intrusions. Which is why hyper-vigilance is not only preferred, but imperative.
The level of risk really depends on what is being discussed and how loose people are in their conversations. If meetings are hijacked and then posted to social media, the harm can be severe and can cut deep, to both the institution and the individual. Everyone involved needs to agree to the rule that if you don’t want something known, don’t post it in the meeting, and to be aware of what you have voluntarily offered of yourself and your organization during these discussions.
Given the current pandemic, these platforms need to be viewed as both a saving grace and a necessary evil. Educational institutions need to ensure that security measures are in place and that the users have not only a high level of security awareness, but knowledge on how to securely conduct classroom meetings via this platform. If the company has security measures and policies in place, it will likely be safer from outside harm. However, every organization/institution is different, so an assessment of its security posture should be performed in order to make an informed decision.
With awareness of “Zoombombing” and the right procedures in place to protect against it—including requiring encryption for third-party endpoints, disabling file transfer, using a password to log in and generating random meeting IDs for every meeting—the consequences can be avoided. This is why taking these steps ahead of time could place your institutions on much safer ground; the small amount of time needed to put these measures in place will be well worth it in the end.
At the end of the day, it is about protecting our students, educators and institutions. We want to protect our students from being exposed to harm and our educators and institutions from reputational risk. The best advice during this time is simple. Stay safe. Stay smart. Stay skeptical.