
Evaluating Remote Exam Security

Remote exam monitoring has grown explosively during the pandemic. Known in academic circles as remote proctoring or remote invigilation, this method of monitoring exams has become the new standard. Allowing students to write exams from home has eliminated any health risks associated with classroom settings. It has also made exams significantly more convenient for students and administrators.

But are remotely delivered exams safe enough for your organization? 

Cheaters have always been creative and determined in their attempts to beat the system. What is new for many exam administrators is that they now have to defend against students attempting to exploit weaknesses in online exam technology. Hackers and scammers may also see an opportunity in this increased reliance on remote proctoring.  

This leaves exam administrators with some difficult questions to answer: How can they protect the integrity of their exams and the reputation of their programs in the face of new threats? Are encryption and password protection enough? Are they even asking the right questions?

Do remote exams increase cheating?

The short answer is that—if you are not careful—they can.

Several colleges and universities have reported increases in cheating since moving online. This seemed to validate the fears of many. It doesn’t take a huge mental leap to assume that credentialing exams might see a similar shift. But the exam venue may not be to blame.

A more likely culprit is the sudden and unexpected shift to online learning. Hastily transitioned exams that were not designed to be online and do not have the appropriate security measures in place may encourage cheating. Schools have navigated some major challenges since the pandemic started, and they don’t always have the tools or knowledge to meet them. Some lack the essential security elements to discourage cheating. 

Another semi-controllable factor may also contribute to cheating: stress. Social distancing, childcare issues, and health fears are increasing stress levels. When the stakes are high, and people are stressed, they’re more likely to cheat. 

Upstream measures like offering testing more frequently and giving learners the time and tools to understand the material can remove some of these stressors. Such measures are most effective when paired with security features that make cheating more difficult. 

What about hackers and scammers?

Where learners see stressors, hackers and scammers see opportunity. As exams move online, hackers, scammers, and fraudsters are seeking out security gaps they can exploit. They’re aware that some organizations have left themselves vulnerable to attack as the result of a hasty transition to online learning and testing. 

There isn’t just a public health pandemic—there is an IT security pandemic as well. A survey revealed that 95% of IT and cybersecurity professionals are facing additional security challenges. The overall rate of cyberattacks has increased as well, according to 71% of those surveyed. Corporate learning systems and testing platforms are not exempt. 

Under these conditions, the security of your testing platform is particularly important. Your network is only as secure as its weakest component. To protect your organization, your LMS and exam platform must meet the same standards as any other part of your online workspace. 

Security features for remote exams

Before partnering with any corporate learning provider, you should ask them these four questions. Their answers will help you evaluate the security features built into their systems. If you don’t like what you hear, keep looking until you find a training partner who has the right features in place. 

1. How can we confirm student identities?

Simply typing a username and password is not enough to confirm a student’s identity. These credentials are too easily shared or stolen. Look for more robust methods like:

  • Challenge questions – also used by the banking and credit card industry, these questions ask about the student’s residential or employment history to confirm their identity.
  • ID Checks – test takers may be asked to hold their photo ID up to the camera to be compared with records on file. 
  • Biometrics – in cases where continuous supervision by a human is not feasible, facial, voice and even keystroke recognition can be helpful.

Advanced authentication methods can help you ensure that the person taking the test is the learner and not a stand-in. 

2. How will the exam be proctored?

Remote proctoring is one of the technologies that make remote exams possible. While you’ve likely heard about this technology, you may not realize that there are different kinds of remote proctoring available. Each type provides different levels of oversight and security.

Automated Proctoring

  • Uses artificial intelligence to monitor test footage
  • Flags potential problem areas for review
  • Security level: lowest 

Recorded Proctoring

  • Records and stores exam footage
  • Footage is reviewed by proctors at a later date
  • Security level: medium to high

Live Remote Proctoring

  • Proctors watch and listen during the exam
  • The proctor may pause the exam if they notice a problem
  • Security level: highest

When it comes to proctoring, who is as important as how. Remote proctoring may require students to download special software to their personal computers. Employers should ensure they are recommending software that meets industry security standards and does not create new vulnerabilities on employees’ machines. Some proctors may also use video and audio monitoring to view the entire room where the student is testing. Proctoring companies should demonstrate an awareness of privacy issues, since many students are likely to be writing from within the privacy of their own homes. Firms should choose remote proctors with proven track records and trustworthy staff.

3. How will we create a secure exam environment?

Proctors, software, and network tools can all be used to secure the exam environment. Discuss with your learning partner which procedures and technology will be used during the exam. To create a secure exam environment, consider three key points: 

First, how will test takers access the exams? Whether they’re using home networks or public Wi-Fi, the connection is unlikely to be as secure as your business network. Remote proctoring companies should guarantee a secure, encrypted connection between the student’s computer and the provider’s exam server.

Second, you should understand the procedures that a proctor will use to verify that the student is alone and relying solely on their own knowledge to pass the exam. They typically watch the test-taker’s head and eye movements to track whether the student is looking at content off-screen. The proctor may also watch the student’s mouth for movement and listen for anyone speaking offscreen.

Third, ask about how access to computer files and internet resources will be limited during the exam. Some proctoring services include software to lock down a browser so the student can’t open any other web pages. Others may include tracking software that logs whether a student opens a folder or file on their computer during the exam or software that limits the student to the use of just the testing software and no other programs.

4. How will we secure access to the exam and its results?

In August of 2020, a large remote proctoring platform was the victim of a major data breach. Hackers stole personally identifiable information from more than 440,000 people. This incident serves as a reminder that security is equally important when the test is over. 

Ask about how data will be stored and what response procedures the organization has in place if a breach does occur. Ask about technical controls like user authentication for proctors and for the organizations that need access to test results. Data should be encrypted and stored in a secure location and access should only be possible by authorized staff using two-factor authentication and a secure channel. 

You should also know how long the proctoring service and testing partner will store data. When and under what circumstances will exam results and learner information be deleted? Who has access to that information in the meantime?

While you’re likely to think about technical controls, such as encryption and firewalls, also consider physical controls. Where are the servers on which data will be stored? Do they have security guards, CCTV, biometrics or smart card readers to limit access by unauthorized people? What happens if there is a fire, flood, or natural disaster that affects the server location? While unlikely, these scenarios can result in loss of data or compromised security unless appropriate measures are in place. The gold standard for cyber-secure systems is ISO 27001 certification.

Is it secure enough?

You might think that more security is always better. After all, a door with a keypad and a deadbolt is harder to breach than one with a deadbolt alone. But it is possible to make your exams too secure. 

Cybersecurity experts know that there is always a trade-off between security and user experience. Many of the security measures mentioned above make the exam more difficult to access. That’s great if the person trying to reach it is a hacker. It’s problematic if it prevents a learner from accessing their exam. Overly enthusiastic security can make the test more stressful and create more potential barriers for test takers. 

So when you evaluate security features in remote exams, consider which features will help you strike the ideal balance between security and accessibility. These decisions can be difficult, especially if you are not already a cybersecurity professional or online learning expert. 

If you need guidance to create remote exams or assess their security, reach out to the online education experts at Oliver. We’ve served the financial, real estate, and travel industries for more than 30 years. Let us leverage our experience and insights to satisfy your firm’s needs. Connect with us today.  
