Based out of Pune, Maharashtra, Nishant Agarwal is the founder of Proctur, an organization dedicated to providing technologically backed educational solutions, focusing primarily on mass digitization in education. He is a product enthusiast and has more than 16 years of cross-functional experience leading various technology brands in Asia and Europe. He is a serial entrepreneur and has been involved with the founding of various startups.
With the dawn of Covid 19 in 2020, the world came to a standstill for a while before it revamped back to normalcy. Mankind witnessed some major breakthroughs in terms of advancements in medical science and technological leaps. Certainly, the economy was restored to a great extent as most of the industries extrapolated their operations to a digital space. The education sector also adapted to the digital medium to conduct classes, keep records, undertake examinations, provide feedback, etc. The ed-tech industry proliferated immensely throughout the pandemic and in fact, has made learning easier than before. Yet as the old adage goes ‘every coin has two sides’, studying online can also give rise to security and data privacy concerns. However, these issues can be mitigated and kept under control with basic awareness and by incorporating necessary precautions.
Data is oil for the ed-tech industry. Various technologies such as virtual reality, cloud- based solutions, the internet of things, online learning applications and digital portals are being used by ed-tech companies to render their services. The services that are provided by ed-tech companies need data from students, such as their documents including birth certificates, financial data, biometric information, etc. The collection and processing of such data help the ed-tech companies to offer their customized services and premium self-learning experiences.
Cyberattacks and cyber hijacking have become rampant. A single phishing attack can cost immense be it data theft or malware. Malware has the potential to encrypt data, important files, and in fact the entire system. This may lead to crashing the entire network upon which the functioning of the ed-tech platform could be dependant. Once stolen, information can be sold on the dark web leading to irreparable damage to the data privacy of students or even their parents.
The question that needs to be stipulated is how do we manage all these security and data privacy challenges?
- Installation of security updates
The updates that pop up once in a while such as Microsoft updates embody in them critical and updated security measures that would provide better data protection. These security measures would help your system to address the vulnerabilities of operating system and browser, thereby disabling third-party access. Furthermore, in case you are using the internet on a Local Area Network, switch off the file-sharing feature. Doing this would restrict sharing of files and folders to users and systems unknown to you. Otherwise, the network would be susceptible to delinquents invading your system and hijacking your meetings.
- Restrict unauthorized entries
The classes conducted on ed-tech platforms work on an access-control model. A passcode or password corresponding to the meeting is sent to the students who can enter the same to log in to classes. There can be situations when such passcodes or password gets leaked to a third party. Zoombombing, as it is called, is an event when unauthorized users who are generally anonymous enter virtual meetings and cause a disturbance. Security concerns would arise if your meeting is taken over by such miscreants. In order to address such issues, the following steps can be complied with:
- Use Firewall: It is a security device that keeps your network safe by blocking outsiders, filtering unwanted traffic, and restricting infection by malicious software. This would help in preventing a complete network crash that could have been caused due to a DoS attack i.e., denial of service attack because of some malfeasance. As a consequence, the data stored on the system would be prevented from getting compromised and sabotaged.
- Managing participants: Host to only permit entry to those attendees who sign in to the meeting using the mail-id they were invited through. This way, the host is in absolute control of who enters the meeting. And therefore, prevent students who are the rightful participants from heckling the meeting themselves. In case the host discerns any disruptive behaviour, they should remove such participants.
However, in the first place, a few pre-emptive measures can be taken in order to manage the security issues. The same has been discussed herein below:
- Delineate cogent privacy policies
The ed-tech industry should lay out a policy enlisting the category of information that is necessary for them to collect, store, process and analyse. The specific policies should be in compliance with the data protection laws of the concerned country wherein the ed-tech company is providing its services. Further, auditing of the data collected and the legitimacy of the reason for which they are collected needs to be reviewed and audited by a due diligence officer.
- Anonymization and Encryption
The personal data collected can be anonymized which is basically the process of removing the identifiable information, making it difficult to identify a person whose data was collected. Otherwise, the data can be encrypted i.e., turned into incoherent information. Committing to such practices has been laid down in various privacy laws because they help in keeping the collected personal data safe.
Complying with the aforementioned measures can help close any loose string and thereby manage the security concerns of an ed-tech platform.