COVID-19 SPECIAL

Zoom in on ways to keep online lessons safe

By now most parents in Singapore would have heard of Zoom bombing, where strangers can potentially enter and disrupt a meeting held with the Zoom video-conferencing software.

This happened in Singapore on Wednesday when hackers got into the online lesson of a school in the east and showed obscene messages and images to the students. Schools have been closed to reduce transmission of the coronavirus and students are on home-based learning.

The Ministry of Education has acted prudently in suspending the use of Zoom by teachers while it investigates how this happened.

But this is much more than just a Zoom problem or even a school problem. It's much wider, and to keep us all safe, we can all help by learning new ways of working in this Covid-19 world.

Zoom is not the only platform where this could happen. Commercial video call platforms are designed more for ease of use at work, especially ease of joining meetings and letting people in, than for keeping people out. None could have anticipated their products becoming so widely used by the general public, especially schools.

Businesses that moved into "work from home" in a hurry are now realising that their employees are connecting office laptops (and data) into poorly secured home networks.

Many home networks also have insecure devices attached, such as smart TV sets, smart light bulbs, or Android set-top boxes for streaming video. All of these are designed more for ease of use than for security, and are potential entry points for hackers, spyware or ransomware.

Practically all school-going children in Singapore are now using home computers (not secured) that are connected to the same home network (not secured), and have to click, download and open attachments all day for lessons. All of them are targets for phishing e-mails and scams.

Under normal circumstances, we demand that our technology be cheap, fast and good. Security, by design, is a low priority. We have got by so far because the risk was low when usage was low.

The risk level has risen drastically now that we are going through a circuit breaker period where workplaces, schools and retail outlets are shut and everyone is urged to stay home.

Work from home, home-based learning, video calls and online purchasing, to name a few, are all useful tools that help us try to carry on with life without leaving home. Grandparents are maintaining family ties by joining video calls with their grandchildren. Technology has become an integral part of our resilience.

It has taken a national emergency to accelerate widespread adoption of this technology, and we may emerge from this as a Smart(er) Nation.

But it also means that info-communication technology is now used much more widely by everyone, not only by "knowledge workers" in offices supported by corporate IT departments, but also by our children, our elderly, and other untrained and unsecured fellow Singaporeans. We have to take additional steps to ensure that everyone is safe.

This requires educating ourselves on safety measures. For example, we can see from advisories provided by the Cyber Security Agency, schools and even Zoom itself, that there are several actions which will prevent hackers from intruding into video calls, regardless of platform:

• Using the latest version of the software;

• Setting meeting passwords and circulating them privately;

• Managing meeting access, such as checking participants by name before letting them in;

• Controlling meeting functions, such as restricting participants' ability to chat or to share screens or files; and

• Staying alert for attacks in the chat.

If these safety procedures are available in the video call platform, and they are implemented correctly, then the risk of intrusion drops massively. On the other hand, if security features are not implemented correctly, then any platform, no matter how technically secure, can be hacked.

The need for good cyber hygiene applies not only to schools and students, but also to businesses, employees, their families, and everyone who is using info-communication technology. Let us not wait until a stranger intrudes on one of grandma's calls with her grandchildren.

All of us can play a part in supporting our children, their teachers and their schools in these trying times. There is no point in pointing fingers or assigning blame. The whole world has changed at very short notice, and many problems are obvious only in hindsight.

To be constructive, those of us with technology skills can volunteer to help if needed. Parent support groups can consolidate offers of help, so that schools and teachers are not overwhelmed with communications.

Government agencies such as the Cyber Security Agency are helping, but if we parents can volunteer, just like we sometimes direct road traffic, that will free up agencies to protect national critical infrastructure such as power supply, hospitals and telecommunications.

Schools can consider engaging volunteer teaching assistants to help teachers in monitoring online classes. They could look out for strangers, and also for undesirable behaviour between students, such as cyber bullying.

Finally, we should not throw the technological baby out with the bathwater. Many of these tools are helpful to society if used correctly and safely. In my primary school days, there were reports of flashers who exposed themselves to school children outside the schools. The schools did not shut down, but instead set up security measures to protect the children. Likewise, we can all work together to help protect our children, our families and our society, online.

• Benjamin Ang is a senior fellow at the Centre of Excellence for National Security, S. Rajaratnam School of International Studies, Nanyang Technological University.

A version of this article appeared in the print edition of The Straits Times on April 11, 2020, with the headline 'Zoom in on ways to keep online lessons safe'. Subscribe