The social distancing measures requested in response to COVID-19 pandemic and in order to combat the spread of the new coronavirus, they imposed significant changes to habits and lifestyle that we took for granted until not many weeks ago. In addition to personal habits are profoundly change also the professional and study ones, with the diffusion of smart working, teleworking and distance learning practices.
In particular, as well as other technologies that are widely used in this period, even distance learning tools had already been on the market for some time and with strong similarities to the solutions that companies have used to implement smart working.
Strong similarities but also an important difference: the solutions chosen by companies and organizations, often already adopted previously, are commercial where those who have had to quickly set up the tools to make distance learning possible have relied perhaps on trial versions or free. The limited availability of features in trial versions may go to have a impact also on the security sphere that in the world of distance learning are varied: not only the security of the chosen platform, but also the possible threats to privacy and control of those who exploit the communication platforms and any problems of copyright on the documents shared on these platforms and, last but not least, the protection of minors and people who use the platform itself.
Trend Micro offers a handbook of practical tips to be taken to keep safe:
Trend Micro's advice for students and parents
- Install a Commercial Antivirus software and enable Parental Control on the computers used, in order to check for any malware, set the times of use of the computer itself, activate the privacy control features on social networks and control web browsing
- If you use a commercial router, not managed by a telephone operator, check or have a specialized technician check that the firmware of the router is updated
- Make sure you have installed all the updates of both the operating system and the programs used, for example the office automation suite, the pdf file reader, the internet browser and all the programs that are used for distance learning
- Activate the firewall features, now present by default, even in operating systems that have a standard configuration
Trend Micro's recommendations for teachers and institutions
- Choose commercial platforms that offer a trial service, to verify the possibility of setting the security and privacy parameters
- Send connection details securely, prefer sessions that require user registration and always check (for example by inviting the lesson via email) who connects in advance, so as to verify during the lesson that the number of participants is not higher than expected. If the numbers allow, appeal
- Check the following parameters when activating a distance lesson:
- Turn off the class invitation feature for attendees
- Deactivate the functionality of being able to see the list of all participants
- Turn off the ability to edit event for attendees
- Enable the communication encryption features
- Restrict or disable File Transfer features
- Restrict or disable private chat features between participants by leaving only the public one active
- If not essential, disable video capabilities
- In general, activate or deactivate all those functions that could violate respect for privacy
- When using sites or tools for Q&A sessions, make sure that communications take place in encrypted mode and check the privacy management of the service itself
- Verify that the copyright rules for the materials used are not violated
- Avoid having students connect on video if not strictly necessary or activate the video session individually and not for all participants. Also replace photos with generic photos. Do not insert name and surname when connecting, if possible use only the first name or nicknames only
The general advice that you can always give is that of caution and the right degree of mistrust. In principle we avoid sharing too much information online and in particular that which we would not flag out loud in a bar full of strangers. The information that we knowingly or unconsciously disseminate online can be collected, condensed, crossed and analyzed for profiling purposes and then be used for phishing campaigns, scams, malware and ransomware.
Not only that: there is also another risk represented by deepfakes today. Audio and video therefore make us potential victims of photo montages and fake videos where, for example, the image of a teacher can be exploited to spread false communications and indications to students who in turn could be victims of criminal campaigns in the background extortion.
