Chief Information Security Officer Kevin Ford and State Superintendent Kirsten Baesler today alerted the public to new cybersecurity threats tied to video conferencing platforms, like Zoom, which are becoming increasingly popular given the global increase in remote work and learning environments.
Examples of these threats, referred to as ‘bombing,’ include hackers gaining access to online meetings and taking over victims’ microphones and cameras, often shouting profanities and hate speech or sharing pornographic images to meeting attendees. EduTech, the education technology arm of North Dakota Information Technology, and NDIT have been actively engaging with K-12 and higher education leaders about these new threats and working together on ways to reduce risks to teachers and students who are using a variety of technologies to support e-learning.
“ND K12 schools have developed amazingly creative plans to educate our state’s students during the COVID-19 situation,” stated Baesler. “These plans include innovative ideas and technology tools to support students, parents and teachers in staying connected and delivering education content. We want to remind everyone to be vigilant about security and data privacy. Please be sure that whatever tools are used adhere to FERPA guidelines and COPPA requirements to protect educational and personal data. The transformation of education that has been achieved, in such a short period of time, is a testament to the outstanding work, dedication and partnerships that exist in North Dakota.”
“We encourage citizens and team members to bookmark the detailed cybersecurity alerts posted daily to NDResponse.gov,” said Ford. “In addition to utilizing Microsoft Teams as the preferred state platform, following these tips can help reduce malicious attacks when using any video conferencing platform: require a password to access the meeting if that option is available, control access to your meeting through a waiting room, do not publish meeting invitations in public, online locations*, and if you save the meeting make sure it is password-protected.”
Ford emphasized that stakeholders and citizens should be mindful that free tools do not necessarily have the same security measures in place as those that have been vetted and approved by the state. The guidance to not publish meeting invitations in public, online locations does not apply to meetings subject to open meeting laws which must comply with Executive Order 2020-16 and North Dakota Century Code chap. 44-04.
Teams is a flexible platform in that it allows meeting participation by individuals not on the Microsoft O365 platform. Following the tips outlined when scheduling Teams meetings remain important security measures.
Ongoing COVID-19-related cybersecurity threats include phishing emails that try to manipulate end users into clicking on links or attachments that are infected with malware or ransomware. Users should only access trusted and reputable sources and be cautious with clicking on links or attachments from unknown sources or entities claiming to have COVID-related information.
Emerging threats and misinformation trends around COVID-19 are updated daily at https://ndresponse.gov/covid-19-resources/covid-19-cyber-threats. Team ND members are also encouraged to follow the multi-factor authentication and related security measures outlined at https://www.nd.gov/itd/how-work-remotely.