Cairns Catholic Education is aware of the issues in a southern Catholic school involving ‘Zoom bombing’ and had worked with its service provider prior to the start of online learning to enhance security protocols.
Zoom is one of the video conferencing apps used by Cairns Catholic schools for home learning, along with Google Hangouts Meet and Microsoft Teams.
Staff hosting zoom meetings with students have been updated on further security measures and how to apply them to reduce the risk unauthorised access.
No instances of unauthorised access have been reported in the Cairns Diocese.
“This is an issue we take very seriously, and we will continue to monitor our use of Zoom to ensure it is used responsibly,” Executive Director, Bill Dixon said.
‘Zoom bombing’, where random, uninvited participants join a zoom meeting is particularly prevalent with the free version of Zoom and happens when the link and password for a meeting is shared on social media (like Reddit or Facebook), usually by a student.
The professional, paid for version of Zoom used by Cairns Catholic Education allows us to default a range of security settings to assist with preventing ‘Zoom Bombing’, On 1 April, prior to the start of online education delivery, CCE’s service provider, CENet made a range of security setting changes to CCE Zoom accounts to mitigate the risk of ’Zoom Bombing’.
Account setting modifications included disabling features such as host video on entry, participant video on entry, join before host, use of personal meeting ID when scheduling, use of personal meeting ID when starting an instant meeting, private 1:1 chat, file transfer, and annotation. Screen sharing is allowed by managed by the meeting host only.
The waiting room feature, disabled by default, has been enabled so that those attempting to join the meeting are screened first by the teacher before being ‘admitted’ and allowed to join.
CES Executive Director, Bill Dixon said the Cairns CES IT Department had already implemented other measures recommended by CENet in early April. These included managed student email domains to ensure students were not free to sign up to a zoom account using their school email address or access Zoom’s ‘free’ basic service from their school account. This measure has enabled tighter control and access management to the platform. Enabling ‘managed’ student access to Zoom also provides opportunities to further enhance meeting security, for example, to only allow authenticated meeting participants who hold a diocese staff/student email address.
Advice has been provided to all staff to use the ‘lock meeting’ feature after all students have been admitted and the meeting has commenced, which reduces the risk of anyone joining the meeting even if they have been given the link and password.
He said he had confidence in the tight security measures implemented by Cairns Catholic Education and that parents could also.
“The safety and security of our students, whether in the classroom or online, is and always has been our highest priority,” Mr Dixon said.