In a recent alert, the US Department of Education shared an alarming presentation made available by the Privacy Technical Assistance Center. In Security Threats: Education Systems in the Crosshairs, security advisor Mike Tassey highlights the fact that data breaches, hacks, and privacy spills are extremely common. Security threats have affected almost every industry, from NASA, Citigroup, and Sony, to the Clarksville-Montgomery County School System.
Cyber-theft has become fully commoditized, making it easier than ever to get involved in the business of stealing information. There is a black market for privacy data. There is also an underground economy where over two million pieces of malware are built and sold every year.
This malware aims to gather personal information like Social Security numbers, addresses, and birth dates. This is the same kind of information that proctoring services often collect, distribute, and store. This information is then used to obtain credit, purchase items, and perform other criminal activity. In his report, Tassey specifically indicated that these thieves highly value children’s identities, because they are “fresh”.
The scariest part is that, usually the theft is accomplished through malware that is installed onto devices by the user themselves. These installs are not the result of installing pirated media or poor internet security settings. People add plugins or extensions to their browsers, which create a way for others to steal their information.
Unfortunately, most online proctoring services rely on these plugins or extensions. Malware can enter the user's computer during installation or with any update, all without the permission or knowledge of the user.
The only way for a user to minimize the risk of malware, is to uninstall the plugins/extensions immediately after use. In his report, Tassey cited that on average “there are 1-5 bugs for every 1,000 lines of code”. For this reason, organizations should also complete a code review for both potential malware and errors in code. If organizations do not complete code reviews, they are leaving themselves open to hackers adding malware, up to and including before code updates.
If nothing else, organizations should be instructing learners to disable or uninstall proctoring plugins/extensions after use.
Visit the US Department of Education website for more information about protecting student privacy.