Protecting student data and ensuring academic integrity while teaching and testing online are key concerns during the pandemic and beyond.
The coronavirus pandemic has created unprecedented challenges for the education industry, with primary concerns rooted in ensuring data security, student privacy, and online test-taking integrity. Proctor applications have become a critical technology in 2020, guaranteeing that remote tests can be issued fairly. However, the rapid adoption of digital learning technologies has made the education industry a massive target for cybercriminals. In fact, 21 percent of educators within colleges and universities say their institution has already been the victim of a cyberattack since the onset of COVID-19.1
Unfortunately, while proctor applications are an essential technology for the 2020–2021 school year, they also have security and privacy elements that make them lucrative targets for cybercriminals.
Why Proctor Applications Spur Privacy and Security Concerns
For proctor applications to function properly, the user needs to supply documents that contain a lot of personally identifiable information (PII). This typically includes the user's driver's license and passport. In addition, the user may also need to provide access to their webcam and sometimes their computer. For example, each surgical resident taking the recent American Board of Surgery licensing exam was required to provide the proctor application full access to their computer, webcam, and phone—in addition to a photo of their passport and a scan of their face.
The onus of protecting sensitive user data falls on the organizations behind these proctor applications. These applications often store this data on servers, making these databases lucrative targets for cybercriminals. If a fraudster breaches a server, they can sell the data for a high price on the dark web.
These security concerns are exacerbated by the fact that once this information is exposed on the dark web for purchase, a student's entire digital identity and long-term digital footprint are in jeopardy. For example, cybercriminals can use this personal information to impersonate the student and log in to other accounts, including social media accounts, bank accounts, and even insurance accounts. Once logged in, fraudsters can transfer funds, steal benefits, and send emails from the user's account, and change passwords to lock out the real user entirely.
As the education and edtech industries are increasingly being targeted in growing cyber threats, proctor applications generate real privacy and security concerns. Furthermore, test takers are put in a difficult position if forced to use one: should they open themselves up to potential fraud or surrender their opportunity to take a test?
Prioritizing Privacy in Online Test Taking
Any application that relies on highly sensitive PII must not store user data longer than required. In the case of proctor applications, personal information should only be stored for long enough to confirm the student did not cheat. If user data is stored for any longer, the database and server become a honeypot for cybercriminals.
To comply with regulations such as GDPR and CCPA, educational organizations should select proctor applications with well-documented privacy statements that detail what student data is being collected, why it is being collected, and how it will be used. This clause must be communicated to students prior to the exam. Only proctor applications with high standards for data protection should be used, as ultimately some level of student personal information will be required to take the test.
A Call to Action for Education
The education industry—from schools and universities to companies that create digital tools like proctor applications—must make student privacy and security a top priority. Just as schools have checks and balances to ensure physical safety onsite, they must also create a safe environment for students online.
It is imperative that educational institutions properly vet any selected applications to ensure that student privacy is not at risk. By selecting secure applications with clear privacy clauses on how student data is being collected and used, educational institutions can keep student information secure while ensuring academic integrity amid the coronavirus pandemic and in the future.
Note
- Kevin Hogan, "Cybercrime Is on the Rise during Remote Learning," MarketScale (website), September 18, 2020. ↩
Robert Prigge is CEO at Jumio.
© 2020 Jumio.