Cybersecurity is a priority concern for most people accessing the internet. Unfortunately, students aren’t thinking about cyberattacks when they access sites for curriculum, research, and entertainment from their 1:1 devices–devices that are now so prevalent since the pandemic.

Schools’ exposure to cyberattacks has also greatly increased due to expanded remote and hyperflex learning.

Join eSchool News and a panel of experts to learn the latest strategies and tools schools are using to help keep student data safe and ensure students’ digital access is secure.

Key takeaways:

• Learn the latest techniques to secure district systems
• Discover best practices for educating students and families on proper digital etiquette
• Ask cybersecurity experts about your data protection concerns

With K-12 school districts using cloud collaboration platforms more than ever before, the approach to data privacy in schools is looking a lot different than what administrators are used to.

Google Workspace and Microsoft 365 are keeping students and staff connected. These apps have forever impacted the way education is delivered in school.

School districts suffer from data leaks—when a student or staff member shares data outside of the school district’s domain. At the same time, school districts have become one of the most targeted organizations for cyberattacks. Regardless of whether these incidents are malicious or inadvertent, they should not be happening in the first place.

Millions of students and staff have had their sensitive personal information exposed due to the cloud security shortcomings of school districts. The cloud has changed the way districts need to handle the data they store and it’s clear that there is a lack of knowledge among administrators on how to do it.

If you’re a technology leader looking to improve data privacy in your schools, you first need to get more serious about making improvements to the way your district’s data is secured.

The Link Between Data Security and Data Privacy

Data security and privacy in schools are linked. If your school district doesn’t have strong security measures in place, you can’t expect to have great data privacy for your students and staff. Despite the number of incidents impacting school districts increasing, there doesn’t seem to be a rise in concern by administrators—yet.

Cyberattacks and data breaches are infiltrating K-12 communities. To proactively thwart these attempts to steal student data, states such as New York are passing legislation that requires school districts to adhere to stipulated student data privacy compliance regulations.

With so much on their plates already, creating, implementing, and monitoring an effective data privacy compliance strategy is a time-consuming and stress-filled task for most school district leaders.

As the Director of Instructional Technology at a New York school district, I have been leading our data compliance efforts, and I very much understand the significant challenges schools are facing. To help other districts navigate this unpredictable landscape, I have put together the following recommendations:

1. Continuously monitor what your students and teachers are using on their school devices.

With so many free apps and web-based learning tools available, it is extremely difficult for school leaders to track what their students are using if they do not have direct visibility into their students’ and staff’s application usage data. In some instances, teachers are providing their students’ names and dates of birth to access these free resources without realizing the ramifications sharing that information could have on their students’ data privacy.

At my own district, Fayetteville-Manlius School District, we have a rule in place that teachers are not supposed to begin any new software program until they vet it with a member of our instructional technology staff. Despite this policy, I have discovered through CatchOn, a data analytics and data privacy monitoring solution we use, that some educators are continuing to introduce new online tools without notifying our instructional technology team. Even though my team reminds our staff of this policy during our yearly trainings, and the teachers agree to abide by it, I can see through CatchOn that there are products being used that have not been approved and/or vetted.

When the sixth-largest school district in the United States announced in early April that hackers were holding its data ransom for $40 million, administrators everywhere paid attention.

The Fort Lauderdale-area district has 232 schools and a budget of $2.6 billion for the 2020-21 school year—seemingly, the district has plenty of resources to protect against cyberattacks. It also has thousands of students and staff who use hundreds of applications and technologies each day.

How do educators ensure that they keep students’ data, records, and personal information private and secure? And, on the flip side, how do they ensure that the integration with other systems remains seamless, so student data is always up to date, accurate, and accessible to teachers, students, parents, and district officials?

3 considerations for securing student data

1. Security

State and federal data privacy laws apply to school districts along with the vendors who supply hardware and software to them.  But as educators, you need to ensure that their systems go beyond being legally compliant. You must work with companies to prepare for vulnerabilities and threats long before they occur.

There’s no point mincing words: School districts and administrators have had a heck of a year. Not only have you been under immense pressure from parents and state officials to reopen schools safely, but your teachers are also understandably concerned about virus transmission. What’s more, your plans keep changing and you’re being forced to adapt.

Related content: How eLearning coaches can support teachers

It’s an uphill battle, and there’s no doubt you’re doing your best. In all the chaos, you’re now responsible for taking temperatures and doing daily COVID-19 screenings, but you may not have had enough time to research screening devices and do sufficient due diligence before welcoming students back through your doors. Unfortunately, making a purchase like this can open you up to risk. Here’s why, and how to mitigate these risks moving forward.

Untested tech, unproven vendors

COVID-19 took the world by surprise, and people have taken a waterfall of reactionary measures ever since. Consumers have bought household goods out of panic, and schools have bought screening devices in much the same way – because they needed to.

As the global pandemic extends into the fall, it’s clear that most schools and universities will continue to rely on online instruction in the near term. However, although online instruction can help minimize health risks, it also introduces heightened security risks and highlights the importance of protecting data.

This was certainly true in corporate environments, where more than 80 percent of companies saw “slightly to considerably more” cyberattack attempts in the first half of 2020. As the threat landscape continues to evolve, higher education will continue to become an increasingly target-rich environment.

Related content: Dealing with data during COVID-19

To keep their courses and students safe, it’s up to institutions to make cybersecurity top of mind. Robust access control, authentication, data integrity, and content protection are all essential to safeguarding sensitive data and communications. Educators must not only protect sensitive data but take proactive steps to safeguard online communications.

Safeguarding a wealth of personal data

School systems have long been a ripe target for hackers and other bad actors. Many are especially vulnerable to attacks because they lack the security systems and IT resources that corporations and large enterprises utilize. In 2019, ransomware infections impacted more than 500 schools in the U.S. alone. As schools spend more of their limited IT resources building digital classrooms, the threat is likely to grow. Just this past June, hackers took Columbia College student data hostage and threatened to sell it on the dark web.

Every school district is faced with a choice about how to protect student data. As districts have implemented more technology to support digital learning, student data privacy in schools has become a critical issue.

It can be a huge undertaking to vet and manage the privacy policies of all of the online resources used in a district. Even with good intentions, most districts do not have adequate protection and are vulnerable to a data breach. These breaches are becoming more common as districts struggle to keep up with technology.

Related content: 5 ways IT directors handle student data privacy

Here is the story of one district that is doing it right by effectively supporting its student data privacy policy with a comprehensive privacy management tool.

Forsyth County Schools

District administrators and school board members in Georgia’s Forsyth County Schools were committed to data privacy—and with nearly 50,000 students, the district knew protection was of the utmost importance.

Whichever assessment practice model you use—be it Response to Intervention (RTI), multi-tiered systems of support (MTSS), or any other—building a positive culture of assessment is the key to success for both students and teachers.

Tech tools alone cannot transform your data culture, but the right knowledge and strong leadership can. We’ve found that schools and districts are most successful if they possess these five common traits.

The school or district has a broad definition of assessment.
The word ‘assessment’ should not be a substitute for the word ‘test’ or ‘grade.’ When teachers, schools, and districts broaden their overall definition of what an assessment can be, teachers are able to get a more complete sense of what a student has learned and where there is still room for improvement. These don’t need to be limited to benchmarking, check-points, or end-of-level tests, and not all assessments factor into a student’s gradebook. Whether it be performance-based evaluations, rubrics, or even a one-on-one conversation about frustrations and successes, think of an assessment as any time you allow a student to demonstrate what they know and don’t know.

Every school district is faced with a choice about how to protect student data. As districts have implemented more technology to support digital learning, student data privacy in schools has become a critical issue.

It can be a huge undertaking to vet and manage the privacy policies of all of the online resources used in a district. Even with good intentions, most districts do not have adequate protection and are vulnerable to a data breach. These breaches are becoming more common as districts struggle to keep up with technology.

Related content: 5 ways IT directors handle student data privacy

Here is the story of one district that is doing it right by effectively supporting its student data privacy policy with a comprehensive privacy management tool.

Forsyth County Schools

District administrators and school board members in Georgia’s Forsyth County Schools were committed to data privacy—and with nearly 50,000 students, the district knew protection was of the utmost importance.