Since Alexandria City Public Schools cancelled in-person classes on March 13, the school division has faced several challenges in adapting to remote learning, including cybersecurity issues.

ACPS, like most school divisions, has turned to platforms like Zoom, a virtual meeting program, for staff meetings and online lessons with students. The school division is now grappling with how to keep these meetings private, after teachers reported four incidents of unwanted visitors appearing in virtual classes.

School board member Heather Thornton broached the subject of the school division’s cybersecurity efforts during the school board’s April 24 virtual meeting.

“Of course, as we know, when using Zoom, a lot of people are encountering some Zoom bombing or some security issues,” Thornton said. “… As we’re thinking about the budget, which is obviously going to be very tight, coming up, I think it would really behoove us to think about our cybersecurity efforts and doing whatever we can to beef that up.”

Thornton referenced the four reported Zoom-related incidents that have occurred since schools closed on March 13. Of the four incidents, two involved students – one current and one former – signing into virtual class- es in which they did not belong. The other two involved strangers appearing in classes, or “Zoom bombing.” In each case, the meeting organizer shut down the meeting and reported the incident to ACPS’ technology team.

“Understandably that’s very disturbing and very shocking,” ACPS Chief Technology Officer Elizabeth Hoover said in an interview.

The ACPS technology team chose Zoom as its primary remote meeting platform shortly after the schools closed on March 13.

“For us, we had to pretty quickly find some sort of platform that would be easy to use for a large variety of technical abilities and something that was FERPA [Federal Education Rights and Privacy Act] compliant,” Hoover said.

Zoom fit the bill, and after the first week of ACPS’ closure, teachers were able to have their students access Zoom via Clever, a single sign-in secure portal ACPS uses to protect its students’ information. Within three weeks, the school division had held more than 4,800 Zoom meetings.

Worldwide usership on the platform has skyrocketed in recent months as students, professionals and families strive to learn, work and keep in touch during the pandemic. Zoom’s daily active users were up 378 percent from the prior year as of March 22, according to data from Apptopia. But with more users also came more scrutiny, and users quickly started reporting security issues.

Hoover attributed ACPS’ security issues with Zoom to timing.

“Early on … we were all using Zoom differently, like our church and our gyms. We were not paying this close attention to the security features,” Hoover said. “… We had such limited time to prepare for this huge transition. Ideally, you would’ve done [staff training on Zoom] before, but time was not our friend on this.”

There have been no more Zoom-related incidents since ACPS’ spring break – the week of April 6 – Hoover said, largely because ACPS has increased its internal security and trained its staff in how to safely use the platform. Zoom has also updated some of its security features in recent weeks. Now, all meetings require a password to enter, and participants must be approved by the host.

Although ACPS has had no further Zoom-related incidents, a school division that is operated remotely and mediated by technology is fertile ground for cybersecurity threats.

“Sometimes our users are our biggest security risks, users with bad intentions. Not always, but any online platform inherently has some risks and you have to mitigate against them,” Hoover said. “… Cybersecurity is always an ongoing issue and one of our biggest challenges right now is just fishing scams, people taking advantage of people.”

ACPS staff is implement- ing more internal controls and setting up additional training to increase security, Hoover said at the April 24 school board meeting.

When it comes to technology in ACPS, security isn’t the only challenge. Some- times accessing the Zoom meeting – and the internet – is a barrier in and of itself. Between 10 and 15 percent of ACPS students don’t have internet access, Hoover said.

Since an internet connection is now integral to taking part in an ACPS education, staff began distributing Kajeet hotspots to 650 households identified as in need. ACPS is still waiting for another shipment of 700 hotspots to reach students, but by the end of the week more than 1,200 students in grades three through 12 will have access to hotspots, Hoover said.

ACPS technology staff can allocate different amounts of data for each hotspot based on need, and the hotspots come with the same education content filters that students would have if they were using a device in school.

Hotspots are ACPS’ first strategy for providing internet access to those in need. The school division is also actively exploring other strategies as well, including more powerful routers and long term, sustainable infrastructure for apartment buildings in neighborhoods like Arlandria and the West End with high concentrations of students in need.

“The second thing that we’re trying to do right now – we’re still working it out, so I don’t want to say it’s done – is in high density neighborhoods of need is putting some larger routers out to provide access to buildings or apartment buildings,” Hoover said.

ACPS is also working to expand access to Chromebooks to all students in grades three through 12, about 11,000 students, Hoover said. The school division has had a one-to-one policy – one laptop per student – for students in grades six through 12 since 2004. Since the school closure, the division decided to expand Chromebook access to students in grades three through five. 

“We’ve been doing a one-to-one for over 15 years. … You can’t spin this up overnight – I could write a book about what not to do – and as a result of that, we have learned from our lessons. I think that’s one reason why we’re in a good place,” Hoover said.