As schools shift to online learning, what should they do about cyberattacks?

Hannan Adely, NorthJersey.com
Updated ·4 min read

PATERSON, N.J. – Some students got a lesson in the pitfalls of virtual learning when their online classes were interrupted by obscenities, pornography and threats against teachers.

Paterson schools aren’t alone in dealing with electronic intrusions in the age of virtual learning. Similar incidents have been reported in districts from California, Miami and Ohio to Lumberton, New Jersey, which was bombarded with pornographic images and racist language during Zoom conferences in April.

Problems with online security and privacy – from student pranks to ransomware attacks – are expected to get worse as schools shift to full- or part-time virtual learning because of the coronavirus pandemic, experts warned.

“Zoom bombing, cyberbullying, phishing – you name it, it has increased astronomically. Everybody needs to be really mindful about security right now,” said Kutub Thakur, an assistant professor and director of the Cyber Defense and Security Program at New Jersey City University. “Because everything is online, hackers are more active. They target school systems and students who are young, and they don’t really have any boundaries.”

There's a bigger demand for remote learning.
There's a bigger demand for remote learning.

In the spring, disruptions by intruders who spread hate-filled and pornographic content became so common that a term was coined for the online invasions: “zoom bombing,” named for the popular videoconferencing platform. Zoom and other technology companies responded by unveiling security updates, including encryption and privacy controls.

In Paterson, this month's intrusions came on Google Meet, another platform used widely by schools. At least 20 of the city’s roughly 50 schools were affected by the onslaught of inappropriate content, according to educators.

Friday, the school district identified five to 10 students who may have been responsible. Officials said the culprits apparently got access to classes they were not enrolled in because students shared links and codes for the Google Meet sessions.

A class of 100? COVID-19 plans overwhelm teachers with huge virtual classes

“If you have a public meeting where a password and link can be shared, that can cause problems,” said Jaideep Vaidya, director of the Rutgers Institute for Data Science, Learning and Analytics. “People can log in from different accounts. They can share it with friends who are not even in school.”

The most important defense measure schools can take, he said, is to continuously update software applications and use security features that control when people get admitted, who gets admitted and what they are allowed to do.

Schools can make meetings private, open them only to invited participants and ask students to log in with a unique ID and password. The meeting host can use a “waiting room” to admit students individually into an online class.

Some apps allow the host to block the transferring of files, mute microphones and restrict people from showing their screens.

Given the sheer number of people online, more problems can be expected. It’s not just salacious content that’s a concern.

Computer experts advise schools to continually update their software to protect students who are learning at home.
Computer experts advise schools to continually update their software to protect students who are learning at home.

Vulnerabilities of online learning

Schools are vulnerable to phishing, a process by which scammers use fraudulent emails to access personal information or install malware. That can lead to ransomware attempts, in which scammers get access to a system and block a school from data and files until a ransom is paid.

In New Jersey, ransomware attacks were reported in Livingston and in Cherry Hill last fall, and Somerset Hills was hit this month. Hospitals and other businesses also have been targeted.

For criminals, the schemes targeting schools may look even more attractive, Vaidya said, given how dependent they are on virtual learning. That could drive up ransom demands or make districts more likely to pay promptly, he said.

Thakur said schools must ensure that anti-virus software and firewalls are up to date and that security devices are checked on a regular basis. Schools should back up all information and files in case of a ransomware attack.

Cybersecurity problems result from human action, so schools must educate staff, students and parents to prevent them, Thakur stressed.

COVID-19 and schools: Summer parties, teacher shortages push suburban schools to scrap reopening plans

“Invest in online security education and how you protect yourself," he said. "In every class, there should be some kind of security awareness training and some sort of security guidelines."

Another tip: Schools should provide a disclaimer or warning that information about online classes and activity is restricted and cannot be shared outside invited participants.

Paterson officials are trying to get that message across by disciplining those suspected of disrupting learning in nearly half the city’s schools.

Superintendent Eileen Shafer said the district was trying to confirm the students’ roles in the disruptions.

Eileen Shafer, superintendent of the Paterson, N.J., school district, takes a "zero tolerance" policy on cyberattacks on virtual learning.
Eileen Shafer, superintendent of the Paterson, N.J., school district, takes a "zero tolerance" policy on cyberattacks on virtual learning.

Shafer said the Passaic County Prosecutor’s Office would be notified about students who showed pornographic images in the virtual classes and the Paterson Police Department alerted about those who made threats.

“There’s zero tolerance for this,” Shafer said in an interview. “We wouldn’t tolerate it in a classroom in a physical building, and we won’t tolerate it online.”

Contributing: Joe Malinconico

This article originally appeared on NorthJersey.com: COVID-19: Are schools with more online learning safe from cyberattacks?