The COVID-19 pandemic meant that schools in the U.S. and all around the world had to suddenly switch to digital learning. As schools, teachers, and students rapidly acclimatized themselves to this new version of school, a new threat emerged: cybersecurity breaches. Two school districts in the San Francisco Bay Area, Oakland and Berkeley, suffered recent cybersecurity breaches, and student privacy was severely compromised.

An unknown adult male exposed himself to teenagers and shouted obscenities during an online Zoom class video conference in Berkeley before the teacher ejected him from the session. In Oakland, the problem was different and equally dangerous. District administrators inadvertently publicly posted the access codes and passwords for online classrooms and video conferences that teachers and students use. This meant that anyone could log in and join these online classes and obtain information about students.

In the former case, the district swiftly moved to ban all video conferencing, and in the latter, websites were locked down and all codes had to be changed immediately. While the Oakland case was a matter of a severe mishap on the part of the district, the Berkeley incident was a matter of a serious breach. The teacher followed guidance about security precautions in Zoom and yet the hacker still gained access to the session.

Reports of such breaches of student privacy and digital security are surfacing across the country. These incidents show how unprepared districts were to meet such massive and instant demands for online learning. With COVID-19 threatening to prolong social distancing and stay-at-home orders, online learning may just become the staple feature of education for months to come.

The lack of experience in education cybersecurity is evident and alarming. A lot of K-12 schools are struggling with the changes they had to make, and this has added to their worry. Protecting student privacy, often without experts on staff or technology companies or monitoring use and access, has been a real challenge.

Teachers and administrators are faced with a steep learning curve, and they have realized that they need help. The best solution would be to bring in experts or consultants to help them transition to digital instruction to ensure cyber safety, but that may only be a solution for well-funded districts and private schools. The other, more affordable way would be to partner with other districts to reach comprehensive privacy agreements with education tech companies.

States like North Dakota have been proactive in engaging with K-12 and higher education leaders to ensure maximum levels of online security for students. Others like New York and Nevada have banned the use of Zoom until security is 100% ensured.

Zoom, as seen in the Berkeley example, has come under fire due to a staggering number of breaches that surfaced in the past few weeks, many unrelated to education. The program has exploded in popularity since shelter-in-place orders came in.

Along with schools and companies, churches, and other organizations, individuals have started using it extensively as well. The company has promised to increase security standards and upgrade encryption for its video calls and meeting rooms for large online gatherings. The default privacy and security settings have also been upgraded to the highest level.

Cyberattacks lead to dangerous security breaches and endanger students. Cybercriminals and hackers are intentional in causing operations and information flow disruption, widespread infrastructure failures that take the entire system offline, and depriving schools and districts of access to their devices, data, or even the internet.

In a time when the pandemic is already causing so much havoc in our lives, cybercrime further exploits our fear and uncertainty. We have to be extra vigilant about both usage and verification, clicking on links, signing up for new services, and giving out any personal information.

Training students, teachers, and districts to identify suspicious websites, phishing attempts in emails, and other scams is of utmost importance. Ensuring that they remain vigilant at all times is the foundation of any strong cybersecurity plan.