10 recommendations to protect “kids and adults” from threats on distance learning platforms

After the closure of national schools on March 16 due to the COVID-19 pandemic, classes moved to the online world. The third term has already begun and, although the Government is preparing a new Telescola available through DTT for students who do not have access to computers or the Internet, distance learning on digital platforms has become a new reality for many students.

The Directorate-General for Education, in partnership with SeguraNet, the National Cybersecurity Center and the National Data Protection Commission, have made available a set of recommendations to help protect students and teachers against the growing threats on platforms that allow communication on video and audio.

The b-a-b of sharing information securely

  • It is true that some digital platforms have options that allow the use of end-to-end encryption, however, the protection of sensitive information is still important. Personal data such as address, contacts and photos should not be shared, as they can be easily found by cybercriminals and used maliciously. It is recalled that, recently, more than 500 thousand Zoom accounts are on sale in hacker forums on the Dark Web.
  • Sometimes sessions on digital platforms are recorded and users no longer have control over the privacy of their data, including the sound and image they share through the microphone and webcam. The equipment must be used only when it is strictly necessary and, since it can be accessed remotely by attackers, they must also be turned off after each use.
  • The meeting administrator can configure the platform to reduce the risk of sessions being recorded by a third party. However, the entities responsible for the initiative indicate that, even in these cases, total control of privacy is not guaranteed, as there is the possibility of recording what is happening in the meetings using external software.
  • The file upload functionality in the messaging service must be disabled to avoid sharing malicious content. The recommendations also extend to screen sharing. The meeting host can configure the platform's options to prevent anyone from sharing what they are seeing on their screen. In addition, the use of a watermark on the transmitted content is a way to protect the intellectual property of the user who created it.