Cybersecurity and EdTech
Dr Noran Fouad is a Research Associate for Digital Pathways at Oxford University and has recently published a journal paper inviting policymakers and researchers to explore the links between EdTech and cybersecurity (Fouad, 2021). We sat down with her to discuss her paper and better understand how evidence related to cybersecurity could be used to improve EdTech programmes and policies.
What is cybersecurity and why is it important?
Cybersecurity refers to the application of security and protective measures to data, systems, networks, and technologies. Cybersecurity is presented as a holistic approach to improve data privacy, implement measures against unauthorised access to data and to protect users from various forms of data surveillance. Dr Fouad adds that cybersecurity also relates to mitigating risks related to data availability (i.e., ensuring users are able to access data when needed) and data integrity (i.e., protecting data against unauthorised modifications) and that the security of systems and networks in which data is stored also requires attention.
There are many reasons why cybersecurity should be considered when EdTech programmes and policies are implemented. Considering cybersecurity should ultimately reduce the likelihood of cyber incidents and attacks. These can lead to breaching learners’ and teachers’ privacy, interrupting EdTech programmes, causing financial losses for schools or families, among other damages. All of these can also contribute to reducing trust in the use of technology for education at large.
Here are some significant examples illustrating the importance of considering cybersecurity when EdTech programmes and policies are designed:
- In May and June 2019, two educational institutions in Australia announced a data breach that compromised contact numbers, passport details, and bank account information belonging not only to existing students and staff but also to alumni who had graduated in the previous 19 years (Fellner, 2019).
- Ransomware attacks against education increased from 6 per cent in 2019 to 15 per cent in 2020 — with Maastricht University in the Netherlands paying USD 220,000 as a ransom in 2019 ( Reuters, 2020); the University of Utah paying USD 457,000 (University of Utah Communications, 2020); and the University of California paying USD 1.14 million in 2020 (Tidy, 2020).
What are the solutions? What evidence or practices should be used to protect children when using EdTech?
At a school level, schools should:
- Engage in cybersecurity training for staff and students to adopt recommended cyber practices.
- Define clear policies for data management and follow governmental guidelines to store and protect data.
- Report cyber incidents to enable governments to have accurate data related to cybersecurity issues and to further prevent cyber incidents.
At a government level, governments and policymakers should:
- Work with schools, teachers, and EdTech implementers to provide guidance related to security measures and standards at national levels.
- Encourage information-sharing on cybersecurity and play an active role in regulating cybersecurity in the EdTech landscape.
- Link to digital reform processes that tackle other important socio-economic challenges, such as digital divides and digital literacy.
For EdTech researchers and implementers:
- More research is needed to measure the cybersecurity capacity and needs of governments, educational institutions, teachers and children — and to evidence how to best implement cybersecurity measures in a cost-effective and equitable manner (for example when EdTech interventions are designed and implemented).
- More research is also needed for vetting and categorising EdTech tools from a cybersecurity perspective in order to help schools, teachers, and parents make informed decisions related to EdTech.
The paper presented in this blog entry can be found here.