Managing eLearning Security
To convert or not to convert learning into eLearning? Initially, training programs have been delivered online by "choice" rather than "necessity." Universities, private training providers, corporate training units, and other bodies responsible for training management have opted for online delivery of the courses because online classes appear to have a wider reach as well as be more cost-effective and easier to deliver/tailor to learners’ needs. Where necessary, a so-called "hybrid" delivery could be arranged. A common example of such a hybrid approach is combining online classes with the face-to-face ones within a single unit of study and/or allowing the learners to study from the comfort of their own home while attending the training provider's premises exclusively for tests, exams, and other course activities that are more convenient to deliver in a traditional classroom rather than in a virtual one.
In the light of the pandemic, the courses that have previously been delivered in a face-to-face environment have been shifted to virtual campuses, and for many of the training providers, this sudden shift has been rather dramatic. They struggled to embrace the world of eLearning NOT because the online environment is unsuitable for their courses but because they were totally unprepared to do so and failed to consider many of the critical online course management and delivery aspects.
Ensuring secure and comfortable virtual learning and teaching environments is arguably one of the most critical aspects of online delivery, as well as one of the biggest challenges to overcome. In this article, I will briefly (keeping it condensed to make it easier for the readers to focus on the key points) discuss issues in establishing eLearning security protocols with regard to the 3 main stakeholder groups: students, instructors, and administrators (college management).
Furthermore, not only do each of the stakeholders need to be looked after, but it is essential to have a collaborative environment that not only addresses requirements for each of the stakeholder groups but also enables the managing body to develop an Integrated Set of Security Protocols that can be administered to the satisfaction of all the stakeholders involved as well as in unison with other protocols required. Successful management of eLearning security protocols requires the development of the following:
- Student-Centered Security Protocols
- Instructor-Centered Security Protocols
- Course Administration-Centered Security Protocols
- Security Protocols’ Integration Points
Student-Centered Security Protocols
No matter how "ad-hoc’" the switch to the eLearning is, there are some essentials to be addressed prior to the system roll-out. Traditionally, training providers focus on course delivery and assessments and rightfully worry about the quality and validity of those. Likewise, they make sure that students can register for courses, get access to the learning resources offered, and utilize the learning tools available. However, training providers often fail to address the so-called "boring and trivial" yet very important "logistics" tasks, such as keeping the students’ passwords, log-ins, and financial details secure; maintaining the security of the students’ info; and, accurate handling of course data.
For example, we all find it incredibly frustrating when getting loads of junk mail in our private Gmail or Yahoo inboxes, but it is far more frustrating for students to discover that there are never-ending promotional trash messages going into their college inboxes. In such cases, poor management of mailing lists (making college mailing lists public) is becoming transparent.
Another example is when student profiles (visible to other students and instructors) include information that should, at the very least, be kept optional for the students to display. For instance, during a recent review of a client's eLearning platform, I noted that the learners’ profiles (on the front-end, so they were visible to all the other learners) included some confidential details such as age and date of birth!
Instructor-Centered Security Protocols
Are the majority of instructors that facilitate online courses IT gurus? Far from it! Successful instructors should be expected to be subject matter experts rather than technology specialists, so it is important to keep security procedures and processes simple and consistent. The instructors usually have to manage a range of security-sensitive tasks, such as managing assessment settings (making grades visible/invisible), managing content access, uploading/deleting content, and monitoring course communications. Therefore, it is essential to create protocols that will enable the "not so technology-savvy people’’ to maintain the security standards that they can follow religiously based on straightforward, step-by-step instructions.
While the protocols should be comprehensive and well-documented, ideally these protocols should at the same time be as brief as possible, making all the required activities easy to identify. Implementation of the protocols should be incorporated into new instructor training programs so that by the time the teaching term commences, the instructors are fully familiar with both the security policies they need to follow and the processes required to ensure that all of the activities do flow smoothly.
Course Administration-Centered Security Protocols
The course administration-centered security protocols’ failures (or lack of such protocols in the first place) are behind the majority of the security blunders that colleges commit. Course administration involves managing infrastructure that is truly multi-dimensional, and some of those dimensions emerged only after COVID started making in-person arrangements rather problematic. Ensuring the validity of online assessments is alone a challenging task, particularly if the course is supposed to be practical and ‘’hands-on’’ rather than a theoretical one.
If a training provider wants to make sure that the person undertaking the online assessment is receiving no unauthorized assistance throughout this assessment and is indeed the person who is supposed to get assessed (rather than a paid imposter), it requires a significant range of measures. On the other hand, it has been argued, that asking learners to undertake lengthy online assessments entirely under the surveillance of webcams may invade their privacy, so when handling the assessment tasks, the course administration team must implement process management protocols that will take both security and privacy issues into consideration.
While a "security failure is always a security failure,’’ failure of the CAC security protocols can be particularly damaging for the training provider's reputation as it is always going to be viewed not as a failure of individuals employed by the organization but as an organizational failure. The protocols often incorporate a range of tasks and activities that need to be managed in collaboration with one another. Therefore, the implementation of extensive administration staff training programs (particularly if the staff has not been exposed to the online environment in the past) is absolutely essential!
Security Protocols’ Integration Points
Managing and implementing each of the 3 (student-centered security protocols, instructor-centered security protocols, and the course administration security protocols) as separate entities will result in multiple discrepancies even if each of the protocols is followed "religiously." In order to avoid scenarios where the protocols are sending conflicting messages to the staff or create a policy vacuum, there should also be a unified security policy that incorporates all 3 of the protocols in one. This can be done by establishing protocol integration points. Security protocol integration points are usually established around tasks and activities that engage multiple stakeholder groups (e.g., both the instructors and admin staff) and ensure that the protocols are integrated smoothly with one another.
So How Big Is The Challenge?
The establishment and management of eLearning security protocols is obviously an ongoing task, as the initially crafted security landscape will require ongoing updates. The environment (emergence of new teaching and learning technologies, COVID, deregulated eLearning marketplace, etc.) is very fast-paced, so no matter how all-inclusive and thoughtful the protocols are, they need to be reviewed on a regular basis. This will add up to the costs and yet, no matter how much care is taken, some security challenges are going to emerge, including brand new challenges that are going to appear (surprise! surprise!) along with the new technologies. However, the challenge is not only big…but is also essential to undertake! No online training provider can operate without eLearning security protocols in place!
