Protecting student data poses a challenge across K-12
- In an annual Consortium for School Networking survey, 68% of K-12 chief technology officers reported being more critical of student data privacy and security year-over-year — and keeping that data from being compromised is a constant challenge — former teacher and school administrator Mike Oswalt writes for eSchool News.
- In taking steps toward securing data, Oswalt suggests consulting a school's or district's IT department before any new apps or software are used, that student data not be kept or shared longer than necessary, and that personally identifiable information about students not be shared via email.
- He also recommends not using actual student data for training purposes, that all devices used to access student information are password-protected and powered down when not being used, and that tracking technology, such as "Find My Mac" be activated if available.
Student data security is among the greatest challenges for school and district IT staff, and the issue is only compounded by the involvement of third-party vendors who may have access to that data, as well as the difficulty in attracting highly skilled information security professionals when similar jobs in the private sector pay more.
Administrators can cover a number of bases by ensuring that third-party vendors' policies on data usage, storage and disposal are in line with their own. And they can attract the talented InfoSec professionals needed within their own organizations by being competitive on professional development opportunities and focusing on employee empowerment to appeal to those with a mission-driven mindset.
Additionally, IT staff should ensure they educate all stakeholders in a district, from students up to faculty, on how to avoid compromising data and the network's security. End-users tend to be the No. 1 cybersecurity threat in an organization, as it only takes one click on the wrong link for a phishing attack to succeed. Following the example of other IT leaders across both K-12 and higher ed, like University of Dayton CIO Thomas Skill, can go a long way. At Dayton, Skill has successfully implemented a campus-wide initiative that uses regular phishing tests; emails with updates, warnings and the latest security news; and incentives and prizes for people who complete certain actions. Such moves can be key in promoting greater cyber-awareness among students, faculty and staff.
Follow Roger Riddell on Twitter