Educational institutions are often the targets of cyber-attacks by virtue of the valuable data they hold, and online exams introduce new points of vulnerability. Institutions must be diligent in keeping data secure by following industry best practices and creating strategies for protecting students, instructors, and the institutions themselves. This includes being smart about online exam security measures and choosing partners who prioritize privacy.
The widespread migration to online learning has been instrumental in safeguarding health during Covid-19, but it has also profoundly increased data security risks. According to BlueVoyant, ransomware attacks against higher education institutions doubled between 2019 and 2020, largely due to “an ever-increasing reliance on mobile devices, remote learning, and third-party education partners.” While the damage caused by ransomware attacks may be easy to quantify, security breaches of all types can cause significant damage.
Based on a 2020 analysis from Ponemon Institute, the average data breach within an educational institution costs a total of $3.9 million. And fallout can go far beyond the financial; without a robust cybersecurity plan in place, you may be compromising the trust and private data of students as well as the reputation of your institution.
The need to preserve academic integrity has led to the proliferation of online proctoring software. Designed to detect academic misconduct, many platforms have recently come under fire for being overly intrusive and leaving students in the dark about what data is collected and how it is used. In most cases, these concerns are about how information is used when the system works as it should. But it’s also essential to consider what an online proctoring system makes possible beyond that. What are its weaknesses?
There can be many points of vulnerability present within a poorly designed proctoring system. Last year, for example, part of Proctortrack’s source code was leaked online by an unauthorized user accessing a quality assurance server. According to Consumer Reports:
An analysis of Proctortrack software leaked in a data breach this fall suggests that the company ignored basic data security practices. Videos of students taking tests may have been accessible to unauthorized employees at Proctortrack, along with facial recognition data, contact information, digital copies of ID cards, and more. After the software leaked, the information could have been accessed by criminals, as well.
The breach confirmed many students’ worst fears about online proctoring software privacy, and the company’s handling of the incident didn’t reassure them. “I want to know what data was leaked and how we can be impacted,” said a student at Western University, one of the institutions affected by the Proctortrack breach. “I don’t think there’s been enough transparency there.” Indeed, the Rosalyn’s Student Advisory Board reports that the feeling of not knowing is what bothers many students most.
According to Patrick Jackson, Chief Technology Officer at cybersecurity firm Disconnect, Proctortrack’s code “was a ticking time bomb.” However, the code is only part of the problem. The larger issue is: what does the proctoring system have to offer a malevolent actor?
Many popular proctoring systems require examinees to give access to virtually every piece of data on a student’s computer, even unrelated and sensitive data. When malevolent actors gain access to such a system, they are frequently rewarded handsomely. Gaining access to such a system could be rewarding. Rosalyn's Student Advisory Board has spoken loudly on this topic and as a result, Rosalyn commits to only accessing system functionality directly related to exam integrity.
Rosalyn was developed with security in mind. This includes the validation of examinees' identity by human proctors, Rosalyn AI's continual reassessment of the test taker's identity, source code security, and following industry best practices. But it also includes being selective and transparent about what information is collected and how it is used. Rosalyn has created a comfortable testing experience and empowers students—and that includes ensuring they know how their privacy is being preserved.
With a new academic year approaching, forward-thinking educational institutions are updating their data security plans. Partnering with an online proctoring solution that offers advanced online exam security should be a central component of any strategy to protect exam integrity and institutional reputation.