How to keep kids’ data private during remote learning

Joan Goodchild
Cyber Savvy Mom
Baystateparent Magazine

By now, we are several weeks into the school year and your student is hitting their stride when itcomes to distance learning. For most of us, this is our second time around with this experience and we are taking the lessons we learned last spring to help our kids succeed this year.

But as students dig deeper into the experience of remote school work, it is important to consider the unique questions about child data privacy and how to protect students’ personal information. Mitigating the risks around your kids’ data should not be overlooked, even if we have begun to feel more comfortable with distance learning efforts. Parents should still be helping their kids understand technology and should be involved in their online activities.

“The pandemic has pushed our kids to be more reliant on the Internet for their social and academic interactions. Technology and privacy policies related to online services in schools has been a growing problem for years and the pandemic has been like gas on a flame,” said Craig Young, a researcher with security firm Tripwire. “Parents must choose between accepting third-party privacy policies for their children or risk excluding their children from class participation. It is especially critical that technology used in the classroom or for distance learning have strict rules limiting what data can be collected and how it may be used.”

The technology K-12 students are using for distance education comes with several security and privacy threats. These concerns include the exposure of personally identifiable information, biometric data, academic information, and their location, just to name a few. Young said all of it can be exploited.

“Although it may not always be obvious, the small bits of data people generate with online activities can paint a vivid picture about who they are and what they care about. We’ve seen large-scale examples proving how just portions of this information could be leveraged to manipulate adults. It is scary to think about how much more effectively our children can be manipulated if we do not figure out effective ways to regulate the industry.”

That is why it is critical for parents to understand what information is being collected on their kids and how it is used. It is also vital to understand the threats posed by each tool. Knowing this can help you make informed decisions about safeguarding kids online now and in the future. This is particularly true for younger students who need parental guidance to navigate online education. 

Keeping distance learning safe and private

There are many best practices families can put in place to try and minimize the chance that their student will face exploitation or attack by a cyber criminal. The professionals we spoke to made the following recommendations.

Use a dedicated system for remote learning 

Young advises keeping the system students use to learn separate from personal technology use. The system should not be used to check personal email, social media, or anything else other than school work and it should be turned off and stored when not in use. 

Assume the camera and mic are on

When using a provided device, students should assume that the camera, microphone, location sensors may be remotely activated at any time and that browsing/usage history may also get reported. Use a camera cover and turn off the system when not in use for extra privacy.

Don’t assume school-issued means secure 

Security can be severely lacking on school-issued devices. Many districts simply don’t have the funds for best-in-class security. Young said some third-party software installed by universities and K-12 institutions will also install custom SSL trusted CA certificates which might weaken the overall security of the device.

Protect and use strong passwords

Ensure students use strong passwords that are not obvious, like a birthday, or default passwords provided with devices. And advise them to never share a password with anyone, said Renee Tarun, deputy CISO, with security company Fortinet.

Keep devices up to date

Tarun also cautions that parents need to take an active role to ensure devices and applications are updated with patches, and that any antivirus/malware software is current and operational.

Don’t download unvetted applications

Ensure your student is not downloading apps for their schoolwork that haven’t been approved by the school. If you do want to allow them to download certain apps, you can get information about online tools and privacy ratings at Common Sense Media or Dr. Trust’s website, which are both great sources on educational technology like knowledge and assessment tools.

Know what data is being collected

What kind of information does the district need to collect on students in order for them to participate in online classes? Will it be attendance, progress, grades, something else? Knowing what is collected helps you understand the risks associated with that data.

Understand attack techniques

Unfortunately, cybercriminals evolve annually with new ways of fooling people. Children are particularly vulnerable. Talk openly with kids about the kinds of scams criminals use to trick online users into clicking on malicious links and divulging personal information. Some great resources include staysafeonline.org and safekids.com.

Do you have a story suggestion or question for Cyber Savvy Mom? Contact me at joangoodchild@cybersavvymedia.com.