TEQSA is concerned that illegal academic cheating services are posing a cyber security risk to higher education providers, through systematic targeting of learning management systems (LMS), and resulting in threats to students, academic and professional staff, research and information security.
Background
TEQSA continues to have concerns that illegal academic cheating services are gaining access to LMS and other provider IT systems. Commonly, the cheating services are persuading students to share personal login information as part of their contract cheating provisions and this information is then used to gain access to other provider IT systems.
By gaining access to a provider’s LMS and other systems, cheating services are accessing sensitive information including, but not limited to:
- contact information for other students enrolled in a course of study
- details on course structures, assessment tasks and detection processes
- information about staff
- sensitive research activities or other commercial-in-confidence activities.
Such activities present a risk to students, academic and professional staff and institutions.
Figure 1: Cyber security and wellbeing risks created by academic cheating
Identifying, analysing, and responding to this risk
Effective management of these risks may include, but is not limited to, a provider:
- ensuring students and staff (including sessional staff) are aware of their obligations to secure their login details and other sensitive data, know how to safeguard their information, and are aware of the risks involved in cyber security breaches
- having appropriate policies to identify and address cyber security incidents, and ensure these are embedded in operations
- being mindful of the broader risks posed by illegal academic cheating services, including cyber security risks and risks to student wellbeing and safety
- proactively mitigating cyber security risks, when students are suspected of using illegal academic cheating services, for example, by issuing new passwords and scanning student accounts for suspicious activities
- reviewing existing protocols and procedures and, where needed, updating these to incorporate measures to reduce the risk of cyber security incidents, such as regular password changes for students
- responding promptly to cyber security incidents when they do occur, in accordance with their security and incident response plans, keeping the wellbeing and safety of those impacted in mind.
Where a student is suspected or found to have used an academic cheating service, providers should consider assigning new login credentials as a precautionary step.
Risks to compliance
Failure to take appropriate action to address these risks puts providers at risk of non-compliance with their obligations under the Higher Education Standards Framework (Threshold Standards) 2021.
Relevant standards include:
Standard 2.3.4
A safe environment is promoted and fostered, including by advising students and staff on actions they can take to enhance safety and security on campus and online.
Standard 5.2.2
Preventative action is taken to mitigate foreseeable risks to academic and research integrity including misrepresentation, fabrication, cheating, plagiarism and misuse of intellectual property, and to prevent recurrences of breaches.
Standard 5.2.3
Students are provided with guidance on what constitutes academic or research misconduct and the development of good practices in maintaining academic and research integrity.
Standard 6.2.1 (j)
The provider is able to demonstrate, and the corporate governing body assures itself, that the provider is operating effectively and sustainably, including the occurrence and nature of formal complaints, allegations of misconduct, breaches of academic or research integrity and critical incidents are monitored and action is taken to address underlying causes.
Standard 6.3.2(d)
Academic oversight assures the quality of teaching, learning, research and research training effectively, including by maintaining oversight of academic and research integrity, including monitoring of potential risks.
Standard 7.3.3(b)
Information systems and records are maintained, securely and confidentially as necessary to prevent unauthorised or fraudulent access to private or sensitive information, including information where unauthorised access may compromise academic or research integrity.
Standard 7.3.3(c)
Information systems and records are maintained, securely and confidentially as necessary to document and record responses to formal complaints, allegations of misconduct, breaches of academic or research integrity and critical incidents.
Related TEQSA resources
- TEQSA Masterclass: contract cheating detection and deterrence
- Academic integrity toolkit
- Good Practice Note: Addressing contract cheating to safeguard academic integrity
- Guidance note: Academic and research integrity
- Understanding academic integrity
- Cyber security e-learning modules for non-university providers
- Guidance note: Facilities and infrastructure
Protecting academic integrity