There are two main security concerns that education establishments – and their students – have when considering either live or record & review online proctoring.
- The perception that an online proctor needs unfettered access to a student’s computer.
- The potential for malpractice, or human error, if an online proctor has access to Learning Management System (LMS) passwords to unlock assessments.
While malpractice by online proctors is extremely rare, these concerns are understandable, and at the same time, avoidable. With the rapid expansion of online learning, an increasing number of exams are already being conducted and proctored remotely, and this number is only going to increase as a result of the COVID-19 pandemic. Despite the urgent need for remote solutions that are fast to implement, security must still be a priority.
The good news is that technology to easily mitigate these risks is already available. In the first instance, with a secure lockdown browser that doesn’t require remote access to a test taker’s computer, and in the second with technology that programmatically populates a password, rather than using a more fallible human process.
In an effort to avoid exam cancellations and maintain maximum continuity for their students, many educational institutions are moving to online proctoring for the first time. So, it’s worth breaking down these two areas of concern into a bit more detail and then sharing our best practice, which ensures security while avoiding the need for remote access when proctoring.
When an online proctor, or test administrator, greets a student for the first time using an application such as Zoom, GoToMeeting, or Skype, many solutions require the proctor to have complete remote access to a student’s computer at multiple stages of the exam process. It is deemed necessary for the proctor to try to secure the testing environment by checking if a student has any unauthorized programs running on their device. If the proctor sees any programs that aren’t approved, they are then able to manually shut them down.
In this scenario, there’s a chance that the proctor doesn’t recognize or notice applications running that could aid the student in cheating or copying exams. Equally likely, while increasing security, this level of remote access inevitably leads to increased liability for the testing organization.
Every time a remote proctor accesses a student’s device, they may be able to view or retrieve highly sensitive information such as passwords or personal information. While it’s important to stress again that such behavior is very rare, it is possible and an unnecessary liability. And it just takes one instance of malpractice to negatively impact an organization’s integrity and valuable reputation. Furthermore, as more students are taking exams on employer supplies computer, the risk of data loss extends beyond personal information and impacts such areas as health and financial records.
User experience & privacy
The other potential consequence of allowing an online proctor full remote access is the impact on student experience. The tech savvy student will fully understand the potential data security risks that this presents, leading to discomfort and worry for many test takers. What’s more, remote proctors are often permitted by the terms and conditions, to change computer settings, and even a student's wallpaper, if they feel there is hidden messaging in an image or another security risk present. At the end of the exam session, proctors may not change the computer settings back, frustrating students even further.
In most instances, students are honest and have absolutely no intention of cheating. These changes can feel unnecessarily intrusive and unpleasant and as a result, students often go to social media to complain that their proctor is digging around their computer, changing settings, turning off programs, even disabling anti-virus software. In a competitive market, where everything we do is widely reviewed and shared, a poor student experience can have a significant impact on the number of students choosing to opt for a particular course or educational institution.
Data protection and user comfort is at the forefront of everything we do at PSI. As a professional assessment provider, we only collect data to protect the academic integrity of an online exam and guarantee each student has a level playing field regardless of testing modality. It has always been our policy to never capture or store unnecessary personal data.
At PSI, allowing remote proctors full access to a student’s computer is something we advise against, and it is completely unnecessary. Since we started developing online proctoring, we have successfully and intentionally avoided remote access while still ensuring test security and integrity.
Software in the form of a secure browser currently presents the most secure and least intrusive user experience. PSI’s Record and Review platform was developed and patented over 20 years ago, and we have been refining and improving it ever since. Students can download the application to their control panel in seconds, and it’s tried and tested with over a million downloads every year. It prevents users from copying, pasting, taking screen grabs, using remote desktop and virtual machines, as well as instant messaging or other applications, and accessing other websites.
Most other solutions to the challenge of test security involve the use of a browser extension, which detects if a test taker opens another browser tab or copies and pastes information into an assessment. However, this method only provides record and report functionality, with minimal capacity for prevention. What’s more, these extensions can’t close down several unauthorized applications, and as they often list everything a test taker’s browser is currently accessing, they still look and feel highly intrusive.
When speed of implementation is of the essence, as is currently the case for so many organizations, it’s also vital that online proctoring solutions are able to integrate quickly and easily with your LMS. As with remote access to a student’s computer, access by a remote proctor to an organization’s LMS and exam passwords shouldn’t be necessary. Relying on a proctor to remote into a student’s computer just to key in a password is unnecessary and can be error prone.
How do we get around this? With an Application Program Interface, or API, a proctor doesn’t need to access or know your LMS passwords. Because passwords are pulled automatically from your LMS, they are always kept secure, consistent, and correct. All you need to do is build assessments in your LMS – PSI can help you with this if you need additional support – and assign passwords. Our API then connects to your LMS to unlock password protected exams, with no human intervention required.
Speed and security
There are often tensions between speed, security, and budget when implementing any new technology. When it comes to remote assessments, it is possible to balance these tensions with online proctoring that incorporates both a secure browser and a robust integration, keeping your tests and student data secure and delivering a great user experience. And with Record and Review proctoring, and an LMS that is LTI compliant, your students can be up and running with online proctoring in just 24 hours.