Last week, we discussed how vulnerable online classrooms can be to attempts from external actors and what routes they may take to get there. But as is the case most of the time in cybersecurity, the easiest entry method for hackers is the most direct one.
These direct access points are often opened by a user who already has access and permission to grant it to others. Whether it is done unintentionally or not, these direct paths must be monitored and re-closed by MSPs when needed. We once again spoke with Bill Barge, Associate Professor at Trine University to identify how these paths are forged internally and how MSPs can best keep them sealed.
Student behavior
When the campus is occupied, teachers, internal technology, and the efforts of MSPs can monitor to ensure learning takes place in a fair and unfettered environment. Working from home throws all of that into peril, and there isn’t much an MSP can do about the behavior of kids. Although Barge has so far been heartened by what he has seen in that regard.
“Students cheating on exams was a concern many of us had when we switched from face-to-face to online classes,” recalls Barge. Scores from exams taken during the stay-at-home order are pretty consistent with what they were before campus closed.
The semester’s final exam scores were better, but Barge doesn’t think cheating was the answer.
“I changed the way I taught, published more examples, posted answers to sample questions, and told students the exams were open book open notes. I probably spoon-fed the students more than I would have in a face-to-face setting, but these students did not sign up for an online class,” he adds.
Barge states for three of his classes, exams were available for a week, and students had 120 minutes to complete the exam, which is Trine University’s standard final exam time limit. Barge created a test bank and randomized the selection of questions so that, in theory, every student received a different exam.
“I expected the grades to be higher because the students didn’t have to just go by memory but could use their notes, but no one earned a perfect score,” admits Barge.
Sometimes you have to trust
“Could the students have contacted each other and discussed answers? Yes, they could have, and there is not much that I could do to stop it,” Barge asserts.
The school does use an educational platform called Moodle, and they have a lockdown feature that restricts access to anything outside of Moodle while completing the exam. Moodle also has a feature to record (via the students’ computer web camera) each student taking the exam.
“But I did not use either of these Moodle features. Instead, my thought was that 120 minutes was not enough time to learn the material while taking the exam,” explains Barge. Sometimes, a little trust goes a long way.
“With the randomizing of exam questions and good exam scores, I think students used the materials I provided to study for the exam,” Barge states.
As in so many instances, the most potent tool that MSPs can wield is education.
Educating the educators
But the education for an accounting office is different than for a group of college kids. Today’s college students are so comfortable with technology that they can forget how easy it is to be compromised. MSPs and institutions “need to show how easy it is to get confidential information and then discuss how to protect it,” advises Barge.
For instance, is a free charging kiosk at the mall or the photo printing terminal at the store accessing data on your phone? Should you use free Wi-Fi at restaurants and hotels? These are questions students need to be pondering.
Each student, if they aren’t careful, can represent a cybersecurity threat to the whole university community. Students need to be shown potential breaches in a language they understand, which is often social media.
“About ten years ago in my Information Security class, I used a Firefox add-on named Firesheep to capture students’ Facebook credentials. They became very interested in what I had to say after I showed them what I had collected,” noted Barge, adding that schools could benefit from more of that type of training and MSPs can step up to offer it.
MSPs can’t do much about the behavior of students, but they can play a role in providing a safe cyber environment for them on and off campus.
Photo: vipman / Shutterstock