Data security is a big concern due to the amount of technology that has been introduced into schools in recent years. Knowing how to keep information safe and secure is important, but how can that be achieved with so many technological advancements being made on a regular basis?
Christine Jones, Educational technology Coordinator for the Palmdale School District in California and recent winner of a tech & Learning Award Innovative Leader Award for Best Data Privacy Implementation during the Denver Regional Leadership Summit, discusses ways you have improved data security practices at your school and how educators can keep student and teacher data safe from outside threats.
Threats to data are not new
When it comes to protecting student data in and out of school, the threats they are exposed to are nothing new. Security breaches have been happening for years.
“In 2016-2017, our district suffered a ransomware attack. That was shortly after I joined the district and it was not a pretty sight,” Jones says. “It was a moment where we realized our security was very well set up for physical events. We had off-site areas where our records were kept. There were multiple locations in anticipation of fires, earthquakes, and that sort of thing. But we hadn’t done a great job of thinking about a digital attack or event.”
Following this event, Jones and the district made a concerted effort to enhance cybersecurity initiatives.
The influx of apps and the need for data privacy agreements
In the past, computer security was simply a matter of adding one or two programs to prevent outside interference. Many of the programs used on computers were known to be safe. However, with the growing number of programs, data is increasingly at risk.
“The risk is higher because everything is installed digitally or comes from the internet, and everything is uploaded to the cloud,” Jones says. “The biggest problem started to emerge when a lot of these apps started requiring accounts. You had to have an account to participate or play. It took me a while to understand what was happening, how that data was transferred to the app and how it could be used. And that’s when I started to carefully read their policies and their agreements and wonder what was happening with our data.”
Many people tend to sign up for a service or provide their information without thinking twice. This type of behavior can put your data at serious risk. However, there are some regulations aimed at safeguarding that information.
“In California, we became aware of the NDPA, the National Data Privacy Agreement, and started looking at it more closely, and at the same time, CITE, California IT and Education, started leading the charge in terms of how carefully we scrutinize the programs we’re adopting,” Jones says.
As a result, Jones has developed a curated list of “approved” resources that can be found on the district’s website and helps guide staff to digital resources that have been reviewed and deemed “high quality.” To receive this designation, resources must have data privacy agreements (DPAs) in place with the district, have appropriate and completely ad-free content for students, and not be connected to social media, blogs, or any other type of social sharing.
The list is updated monthly as DPAs are updated. New resources may be added and current resources may be removed if any do not meet district guidelines.
Implementing security measures at the expense of convenience
Keeping student information secure is critical, and making it difficult to access devices is essential.
“Last year we implemented multi-factor authentication and got some criticism,” Jones says. “So we gave them several ways to authenticate. One was through a YubiKey. The positive of this method is that you are the only person with access to the USB device. The negative was that the physical device could be left at home or lost. With multi-factor authentication, teachers can authenticate with their devices. I would say 90% of our staff choose to do it through their phone or iPad because it is easier for them.”
While it may take a little longer to log into an account or access sensitive information, implementing MFA can be the difference between keeping your data safe and leaving it exposed to a breach.
