The current pandemic resulted in a crisis for schools, colleges, and universities across the world. With physical buildings closed, most educational institutes moved to emergency remote learning and working.
Here in this article, we talk about eLearning Security and why it is a matter of concern for educational institutions.
What is E-Learning Security?
E-Learning is a unique learning system based on formalized teaching that includes electronic resources. While E-Learning security is the security applied to materials that comprise study notes, references, demonstrations, personal details, etc. It is about protecting from malicious or accidental misuse of online learning resources (Adams & Blandford, 2003; Neumann, 1994). Security in online learning has three basic requirements: Confidentiality, Integrity, and Availability (Adams & Blandford, 2003; Serb, Defta, Iacob, & Apetrei, 2013; Weippl & Ebner, 2008). 'Confidentiality' refers to protecting the access of sensitive information by unauthorized persons (Serb, Defta, Iacob, & Apetrei, 2013; Adams & Blandford, 2003) and the absence of unauthorized disclosure of information (Weippl & Ebner, 2008). 'Integrity,' a critical element of security, refers to protecting data from intentional or accidental unauthorized changes (Serb, Defta, Iacob, & Apetrei, 2013) and the absence of improper system alterations (Weippl & Ebner, 2008). Furthermore, 'availability' means the readiness for correct service (Weippl & Ebner, 2008).
Whilst in education there is a dire requirement to make information available for free; also there is a counterpoint that there are occasions where data collected by education institutions have to be published and protected, at the same time. So e-learning security requires that some information is public and remains public, whilst other information is private and requires protection.
In fact, any mechanism that is providing eLearning security needs to honour both regimes simultaneously.
A rising concern
We already know that cyber threats are never static. Millions are created every year. And, cyber-crimes are rising at an unprecedented rate; probably due to our increasing reliance on technologies. There is no slow down, either. Whether you are an individual, a business firm, or an academic institution, you have to rely on computer systems every day, and that could lead to your victimization to cyber-crimes.
These cyber-attacks are not new; however, the sudden shift to remote learning led to a sharp rise in cybercrimes. Cybercriminals are becoming more sophisticated. They are busy finding new ways to defraud schools, steal sensitive information or deploy ransomware schemes to extort money through techniques like Phishing mails, Distributed Denial-of-Service (DDoS), Data Breach, Ransomware, and IoT Vulnerabilities. According to Microsoft's Global Threat Activity Tracker, more than 8 million malware incidents took place in the past couple of weeks — with education being the most affected industry. The apparent reason is the recent rush to adopt e-learning. FBI's Internet Crime Complaint Center (IC3) made a public service announcement recently warning how cybercriminals are taking leverage of the transition to online learning due to COVID-19 through increased targeting of virtual environments, including those utilized by schools.
Another survey from Kaspersky revealed a surge in distributed denial-of-service (DDoS) attacks on online educational services in 2020, compared to 2019. The total number of DDoS attacks increased by almost 80% in the Q1 of 2020, compared to Q1 2019 as per research. Between January to June 2020, the number of DDoS attacks affecting educational services increased by 350% in comparison to the corresponding months in 2019, the largest rise reported in January 2020, by 550%.
There are several instances for the same, like Hartford Public Schools, Connecticut, cancelled the first day of its online and in-person classes on Sept. 8, 2020, after a ransomware attack shut down parts of the district's IT system, although classes resumed the next day. Similarly, on Aug. 30, 2020 classes were disrupted at Newcastle University in England following what the school called a "serious cyber incident" affected networks and IT systems across the campus. This ransomware attack got linked to the DoppelPaymer gang.
In the US, Canada, and the UK data of eight universities (University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College, Oxford and Ambrose University in Alberta, Canada) in July have been compromised by hackers, after the malicious actors launched a ransomware cyberattack at the firm responsible for administrating those schools' data.
Apart from malware, educational institutions also witnessed an increased risk of data breaches and student privacy violations. In past spring, it was "Zoom bombing" that became part of the general lexicon after few pranksters, and ill-intentioned individuals started taking advantage of Zoom's security weaknesses to break into private online meetings. Among the victims were schools, with several reported online classrooms being interrupted by users making lewd comments or streaming adult contents.
While all these incidents are taking place more frequently, it is not wrong to say that E-learning security is "The Need of the Hour." It is time to get worried about E-Learning Security. It is the time to look after the potential risks that online learning is exposed to and provide adequate E-Learning security to educational institutions, teachers, and their students.
Follow these simple steps to prevent cyber-attacks:
- Train your students and teachers on the principles of cyber-security.
- Install, use, and update antivirus and antispyware software more often on your computer.
- Use a firewall for internet connection.
- Make sure you download and install software updates for operating systems and applications when they become available.
- Have backup copies of important data and information.
- Make sure no third person has access to your computers and network components.
- Keep your Wi-Fi networks secure.
- Require individual user accounts for each teacher/student.
- Limit your employee's access to data and information and limit authority to install the software.
- Keep strong passwords and often, change them.
To know more, click here.