If you’re like me, identity theft doesn’t exactly keep you up at night. It’s someone else’s problem—or so you think.
That all changed for me earlier this month when a colleague who I work closely with revealed that he had his identity stolen during tax season. Something about a former employer and poor accounting controls. Ugh.
It didn’t matter. All I heard was identity theft. Because I spend a couple of hours a day writing about schools, it got me thinking: Students, teachers, parents, business partners, the amount of information that school districts keep and, at some level, have a responsibility to protect is massive. Simply massive.
The debate over information storage and use and the security, or lack thereof, of private student and community information has raged in recent years. Some hoped that the Every Student Succeeds Act might lead to federal guidance and some clarity to the problem. But, as this Education Week article explains, the issue went largely unaddressed.
School IT experts continue to do this work on their own. The onslaught of new devices and applications in schools hasn’t made their jobs any easier. Fortunately, there are some resources out there that can help.
Writing for Ed Surge, network security consultant Mike Baker compiled a list of strategies for districts to protect student data from hackers and cyber criminals.
Here are just a few:
Secure every device
It sounds obvious, but it’s something many district and schools continue to overlook. Just ask educators in Greenwood, Ind., whose students recently reprogrammed school-provided iPads to circumvent network protocols and download outside games and other apps.
Baker’s take: Every school or district needs a mobile device management solution that works across common devices to protect networks from hacks and malware.
School IT leaders spend an inordinate amount of time and resources developing secure firewalls. But far less attention is paid to floating data stored on computer hard drives and desktops, writes Baker. Data on every device in your school or district, no matter its location, should be encrypted, so that if a device is stolen, it will be more difficult for hackers or thieves to access that information.
Train your staff
Building an impenetrable network infrastructure is the goal. But no network is 100-percent safe. Weaknesses and breaches are as much the fault of human error as they are technological weakness, writes Baker. That’s why it’s critical to train your staff how to handle and protect sensitive information. He points to large-scale data breaches, including OPM, Target, and Sony. These companies spend millions on data protection. But even that wasn’t enough to fortify their networks against the inevitability of human error.
Your staff needs to understand these risks. Every district should have clear data protection policies for teachers and administrators. Think about drafting agreements that people in the district with access to this information have to sign. And commit them to training and professional development, so that they understand the risks and buy-in to the process.
Students need to understand the dangers and implications of cybercrime to not only protect themselves from harm, but to dissuade them from engaging in potentially illegal behavior. Some computer hacks might be seen as jokes. But history has taught us that even innocent pranks can have potentially serious consequences.
Think about integrating digital citizenship and cybersecurity lessons into your curricula and make online safety something you teach.
For Baker’s full list of data-protection strategies, check out his post on Ed Surge.
What cybersecurity measures have you put in place in your school or district? How do you engage your community to ensure they understand the threats and realities of cybercrime—and that they do their part, however small, to help prevent it? Tell us in the comments.
Want to see where your community stands on cybersecurity and private data? Start by asking teachers and parents what they know.