PLEASE ROTATE YOUR DEVICE
April 12, 2017
With students spending an increasing amount of time on social media, one of the more significant threats to the security of their personal data goes unnoticed by parents and teachers: their school’s data storage system.
With students becoming more and more comfortable sharing information over the internet, parents and educators rarely think of schools as being the weak link in the informational security of young people today. The truth, though, is that the data stored in district IT systems is usually much deeper and more personal than what any malicious entity might find by trawling social media accounts.
Unfortunately, that data is often not fully secured by the educational institutions entrusted with it. According to SREB, there have been 54 major educational data breaches since 2014, affecting over 1.1 million student records, and including a 789% increase in “phishing” scams since last year.
School districts have a legal obligation to ensure that students’ personal information is safe and secure. Yet, enforcing comprehensive solutions can be challenging, oftentimes due to the variety of data, systems, and procedures involved in a district’s IT ecosystem. At the same time, the sophistication of digital attacks is always on the rise — fraudsters are constantly seeking out ways to circumvent whatever security protocols are already in place. In order to hold school data at a reasonable level of protection, schools must treat information security as a top priority.
Attackers can obtain and exploit the range of personal information kept by schools — from directory information like name and address, to the usernames and passwords for educational applications — in a variety of ways. As EdSurge notes, two popular intrusion methods are the “remote attack” wherein entities are able to gain access to a program without a user’s login info (such as by generating fake class registration codes or revealing student names through password login hints); and the “eavesdropping” attack, where attackers “sniff” the unencrypted traffic that a computer sends over the internet in order to gain login information or take control of a program.
Once obtained, this information can be used for any number of purposes — most troublingly, to gain the trust of individual students. But it’s not only students who are at risk; phishing scams targeting parents, family members, or others in the community, are made dramatically more effective when presenting the kind of difficult-to-obtain information one can pull from a cyber attack on children. As a result, the impact of an attack can reach well beyond school grounds.
In some cases, it’s students themselves who commit digital fraud. There are several recorded instances of illicit access being used to change report cards or attendance records. At a minimum, a breach of personal privacy will undermine confidence in the school and its ability to provide secure services.
While districts will never be completely immune to cyber attacks, you must work to ensure that risks are brought down to reasonable levels. This not only requires identifying the comprehensive IT information security responsibilities of the district, but enacting policies that make sense within the context of the organization that remain in line with local and federal laws and regulations. Such solutions must also consider ownership and authority over data at all levels of the district, bearing in mind that such a chain of command may differ from the traditional hierarchies in place at schools.
Due to the complexity of considerations involved in this process, it’s often advisable to work with consultants who have experience with digital privacy in K-12 education, thereby avoiding potentially cost-inefficient work. Vinson Consulting is one such third party, and as a member of the Access for Learning (A4L) community, it’s uniquely qualified to vet the data governance policies of your district for compliance with A4L best practices for interoperability, information security, and data privacy.
As it’s not likely that the digital world will cease playing a massive role in the lives of students anytime soon, digital privacy and security issues will always pose a lingering challenge. Therefore, students and parents must have confidence that their personal data will be secure in the place where they feel most safe — at school.
3 EdTech “Game Changers” That Never Happened
Adopting an Interoperability Standard Doesn’t Guarantee Interoperability
Big Data Rising: The Latest IT Trend Only Reinforces the Importance of Interoperability
How School District Data Falls Through the Cracks — And Why It Matters
Making the Leap to a Cloud-Based Operating System