Data security is a big concern with the amount of technology being introduced to schools in recent years. Knowing how to keep information safe and secure is important, but how can that happen with so many advances in technology being made on a regular basis?
Christine Jones, Coordinator of Educational Technology for the Palmdale School District in California and recent winner of a Tech & Learning Innovative Leader Award for Best Implementation of Data Privacy during the Denver Regional Leadership Summit, discusses the ways she has upgraded data safety practices in her school and how educators can keep student and teacher data safe from outside threats.
Data Threats Are Not New
When it comes to protecting students’ data in and out of school, the threats they are exposed to are not a new occurrence. Breaches in security have been happening for years.
“Our district, back in 2016-2017, had a ransomware attack. That was shortly after I joined the district and it was not a pretty sight,” says Jones. “It was a moment where we realized that our security had been set up for physical events very well. We had offsite [areas] where our records were being kept. There were multiple locations in anticipation of fire, earthquakes, and that kind of thing. But we hadn’t done an excellent job of thinking about a digital attack or event.”
On the heels of this event, Jones and the district made a concerted effort to improve cybersecurity efforts.
The Influx of Apps and the Need for Data Privacy Agreements
Previously, computer security was a simple addition of one or two programs to thwart outside interference. Many programs that were used on computers were known to be safe. However, with the ever-growing influx of programs, data is increasingly at risk.
“The risk is higher because everything is installed digitally or comes from the internet, and you’re loading everything up into the cloud,” Jones says. “The bigger issue started happening when a lot of these apps started requiring accounts. You had to have an account to participate or to play. It took a little time to understand what was happening, how that data was being transferred to the application and how it might be used. And that’s when I started carefully reading their policies and their agreements and wondering [what’s happening with our data?]”
Many people tend to sign up for a service or give our information without a second thought. This kind of behavior can put their data at serious risk. But there are some regulations in place meant to safeguard that information.
“In California, we became aware of the NDPA, the National Data Privacy Agreement, and so we started to take a closer look at that and at the same time CITE, California IT and Education, started to lead the charge for how carefully we look at the programs we’re adopting,” says Jones.
As a result, Jones has developed a curated list of “Approved” resources that can be found on the district website that helps to guide staff to digital resources that have been reviewed and have been deemed “high quality.” To receive this designation the resources must have current data privacy agreements (DPAs) in place with the district, have appropriate fully ad-free content for students, and are not connected to social media, blogs, or any other type of social sharing.
The list is updated monthly as DPAs are updated. New resources may be added and current resources may be removed if any fail to adhere to district guidelines.
Implementing Security Measures at the Cost of Convenience
Keeping student information safe is critical, and to do so means making access to devices more challenging.
“We just implemented multifactor authentication this past school year, and we did get some pushback,” says Jones. “So we gave them multiple ways to authenticate. One was through YubiKey. The positives with this method is that you’re the only person with access to the USB device. The negative was that the physical device could be left at home or misplaced. Using MFA, teachers could authenticate with their devices. I’d say that 90% of our staff choose to do it through their phone or their iPad because they found it simpler.”
Even though it might take a little while longer to log into an account or access some sensitive information, having MFA implemented can be the difference between keeping your data safe, and leaving your data wide open for a breach.
Tools Jones Uses
- Classlink
- YubiKey