eSchool News | Student Data Security Archives
https://www.eschoolnews.com/it-leadership/student-data-security/
Innovations in Educational Transformation
Thu, 26 Jan 2023 01:10:25 +0000

How to maintain secure access and data privacy
https://www.eschoolnews.com/it-leadership/2022/11/10/how-to-maintain-secure-access-and-data-privacy/
Thu, 10 Nov 2022 10:00:00 +0000

Cybersecurity is a priority concern for most people accessing the internet. Unfortunately, students aren’t thinking about cyberattacks when they access sites for curriculum, research, and entertainment from their 1:1 devices–devices that are now so prevalent since the pandemic.

Schools’ exposure to cyberattacks has also greatly increased due to expanded remote and hyperflex learning.

Join eSchool News and a panel of experts to learn the latest strategies and tools schools are using to help keep student data safe and ensure students’ digital access is secure.

Key takeaways:

  • Learn the latest techniques to secure district systems
  • Discover best practices for educating students and families on proper digital etiquette
  • Ask cybersecurity experts about your data protection concerns

4 ways to improve your district’s data privacy
https://www.eschoolnews.com/it-leadership/2022/04/06/4-ways-to-improve-your-districts-data-privacy/
Wed, 06 Apr 2022 10:00:00 +0000

With K-12 school districts using cloud collaboration platforms more than ever before, the approach to data privacy in schools is looking a lot different than what administrators are used to.

Google Workspace and Microsoft 365 are keeping students and staff connected. These apps have forever impacted the way education is delivered in school.

School districts suffer from data leaks—when a student or staff member shares data outside of the school district’s domain. At the same time, school districts have become one of the most targeted organizations for cyberattacks. Regardless of whether these incidents are malicious or inadvertent, they should not be happening in the first place.

Millions of students and staff have had their sensitive personal information exposed due to the cloud security shortcomings of school districts. The cloud has changed the way districts need to handle the data they store and it’s clear that there is a lack of knowledge among administrators on how to do it.

If you’re a technology leader looking to improve data privacy in your schools, you first need to get more serious about making improvements to the way your district’s data is secured.

The Link Between Data Security and Data Privacy

Data security and privacy in schools are linked. If your school district doesn’t have strong security measures in place, you can’t expect to have great data privacy for your students and staff. Despite the number of incidents impacting school districts increasing, there doesn’t seem to be a rise in concern by administrators—yet.

A recent report found that 37 percent of district-level administrator respondents are not concerned about data breaches. An alarming 43 percent of respondents either are not monitoring for potential violations of government data privacy regulations—such as FERPA, COPPA, and CIPA—or do not know if their district is. Further, 60 percent reported being confident in the security of their district’s cloud environments, but 50 percent said they either do not have a cloud security system in place or do not know if they do.

The report findings suggest that cloud data security is not a high priority for school districts. But, if data privacy is one of the top priorities on your list, data security must also be a priority. Your data no longer only lives in your on-premises servers, hard drives, and school-managed devices. It also lives in the cloud and can be accessed from anywhere, at any time. You must ensure your students and staff are handling their data in ways that will not publicly expose it.

It takes a village to have a strong cybersecurity posture. Administrators, teachers, staff, and students all need to shift their mindset to help keep your data safe and maintain privacy.

4 Ways You Can Improve Your District’s Approach

Administrators are, for the most part, under-informed about what it takes to protect your district’s online documents and resources. As you and your team are planning improvements to the way your district approaches cybersecurity and data privacy, here are a few things to consider:

  1. Cybersecurity Audit: Take a look at the current cybersecurity approach your team is taking. Which systems are in the cloud? Which are on-site? Once you know where systems are located, implement tactics to protect them. Multi-factor authentication, data loss prevention, and external sharing standards are great places to start when securing your cloud data.
  2. Educate the educators: Educate your administrative staff, teachers, and students about the cloud. They may not know the steps that need to be taken to protect data. Further, there are people who don’t know which systems are hosted in the cloud or on-site, or how the differences between the two can impact data privacy and security. Having everyone on the same page can help your team make big strides.
  3. Awareness Training: Your staff, teachers, and students are the first line of defense in cybersecurity. At minimum, keep up with cybersecurity awareness training for staff. Integrate cybersecurity education into school curriculum to help educate students on proper cyber hygiene.
  4. Rethink Your Resources: Your school district has likely adopted many edtech SaaS applications to help facilitate learning and collaboration since the start of the pandemic. But, have you devoted the resources to securing them? As with your on-site networks and servers, you need resources built specifically to secure data in the cloud.

Based on the report results, more resources must be allocated to cybersecurity. Districts have turned to cyber insurance, but insurance is not a panacea.

Insurance does help, but it’s up to you and all district IT administrators to be proactive in improving how your district’s data is secured.

Older approaches to cybersecurity worked when access only occurred inside school buildings. Your technology team had visibility of the activity taking place on school networks and on locally stored data. However, this isn’t the way school districts operate anymore. More activity is taking place outside of your network and in the cloud where you have less visibility.

As pandemic restrictions begin to ease, your technology team must be forward-thinking in your cybersecurity approach. More learning activity will move to the cloud and cyberattacks will continue to originate there. It’s important for your cybersecurity approach to adapt as well. Doing so will help keep your data safe and protect the privacy of your students and staff.

3 ways to strengthen your student data privacy compliance strategy
https://www.eschoolnews.com/it-leadership/2021/10/21/3-ways-to-strengthen-your-student-data-privacy-compliance-strategy/
Thu, 21 Oct 2021 09:42:00 +0000

Cyberattacks and data breaches are infiltrating K-12 communities. To proactively thwart these attempts to steal student data, states such as New York are passing legislation that requires school districts to adhere to stipulated student data privacy compliance regulations.

With so much on their plates already, creating, implementing, and monitoring an effective data privacy compliance strategy is a time-consuming and stress-filled task for most school district leaders.

As the Director of Instructional Technology at a New York school district, I have been leading our data compliance efforts, and I very much understand the significant challenges schools are facing. To help other districts navigate this unpredictable landscape, I have put together the following recommendations:

1. Continuously monitor what your students and teachers are using on their school devices.

With so many free apps and web-based learning tools available, it is extremely difficult for school leaders to track what their students are using if they do not have direct visibility into their students’ and staff’s application usage data. In some instances, teachers are providing their students’ names and dates of birth to access these free resources without realizing the ramifications sharing that information could have on their students’ data privacy.

At my own district, Fayetteville-Manlius School District, we have a rule in place that teachers are not supposed to begin any new software program until they vet it with a member of our instructional technology staff. Despite this policy, I have discovered through CatchOn, a data analytics and data privacy monitoring solution we use, that some educators are continuing to introduce new online tools without notifying our instructional technology team. Even though my team reminds our staff of this policy during our yearly trainings, and the teachers agree to abide by it, I can see through CatchOn that there are products being used that have not been approved and/or vetted.

“I regularly check my CatchOn dashboard to monitor the trending apps being used in the district,” said Chiesa. “Unsurprisingly, there are products being used by teachers and students that are not approved and/or haven’t been vetted, even though our staff has said they would let us know when they wanted to use something and get permission.”

Bottom line:

It’s critical that district leaders keep an eye on what apps and online tools are being used by students and teachers–and not through word of mouth or a survey. You need to actually see what is being used. Some of my colleagues have mentioned that they get this information through their filter, but a filter has so many other functions that it is difficult to track down what apps are being used by whom.

If a program experiences a breach, I can quickly use CatchOn to sort which students have been using that app, see when they used it, and identify how often they used it. Additionally, CatchOn’s IMS Global and Student Data Privacy Consortium data privacy badges add an additional level of assurance and validity regarding the digital tools being used, which is especially valuable for our parent community.

2. Create an organized system for posting and updating approved applications and vendor contracts.

With so many applications being used in their classrooms, it is essential for districts to create an effective tracking system for their edtech tools. Within my district, we are using data analytics to house and track all this critical information because we like having all our approved applications in one place.  Every new software purchase is entered into CatchOn―how much we paid for it, when we purchased it, the renewal date, and the contract. I like being able to quickly see how much we paid for a tool or if we have the contract yet.

Regularly updating the list of approved apps students can use and communicating that list to teachers, students, stakeholders, and parents is also very important. We generate our approved apps and have them posted in multiple places, including on our district website and within our learning management system, which parents have access to.

Bottom line: School districts need to find an effective method of organizing, posting, and updating their approved applications and vendor contracts. And they need to put a system in place to make sure the information does not become stagnant and is regularly updated.

3. Be proactive in your compliance efforts.

Although many states have yet to pass student data privacy legislation, school districts need to be proactive with their compliance efforts and ask questions. Ed Law 2-d was a challenge for everybody in New York, including me, but I’ve really learned a lot through this process.  It’s concerning how long some vendors are keeping their customers’ data–even years after their contract has ended. Also, we are now asking our vendors what security training they provide to their employees who manage their servers.

Districts also need to attain a keen understanding of what software is being used by their students in the event of a breach on the vendor’s side. For example, we had an instance where there was a product that was not approved by our district, and that company had a breach. I reached out to the teachers to confirm it was not being used, and the teachers said they did not use it.  I then checked our district’s analytics, and I could see that there were some individuals using it. Having that visibility is so important because there are always going to be breaches and there are always going to be individuals who may not remember the software they were using.

Bottom line: Districts need to be proactive and diligent about protecting our students.  All districts need to be prepared for an education security breach. They need to know how long companies are holding their data, especially after the district has ended its contract. I don’t see vendors putting that information in their terms of service, so districts need to ask those questions.

With cybersecurity threats and data breaches on the rise, districts need to evaluate their current compliance practices to help safeguard their students’ data. Using a data privacy monitoring tool quickly gives district leaders the visibility, security reviews, and insights needed to strengthen and streamline their data privacy strategies.

3 keys to protecting student data and privacy
https://www.eschoolnews.com/it-leadership/2021/04/29/3-keys-to-protecting-student-data-and-privacy/
Thu, 29 Apr 2021 09:15:00 +0000

When the sixth-largest school district in the United States announced in early April that hackers were holding its data ransom for $40 million, administrators everywhere paid attention.

The Fort Lauderdale-area district has 232 schools and a budget of $2.6 billion for the 2020-21 school year—seemingly, the district has plenty of resources to protect against cyberattacks. It also has thousands of students and staff who use hundreds of applications and technologies each day.

How do educators ensure that they keep students’ data, records, and personal information private and secure? And, on the flip side, how do they ensure that the integration with other systems remains seamless, so student data is always up to date, accurate, and accessible to teachers, students, parents, and district officials?

3 considerations for securing student data

1. Security

State and federal data privacy laws apply to school districts along with the vendors who supply hardware and software to them.  But as educators, you need to ensure that their systems go beyond being legally compliant. You must work with companies to prepare for vulnerabilities and threats long before they occur.

Make sure your partners have rock-solid privacy protocols and breach prevention controls at all levels of the company. Ask if they have regular security awareness training and how often they review their privacy policies. Make sure that all the prevention controls they offer–including automatic backups, firewalls, intrusion detection systems, and third-party vulnerability scans and assessments–are activated and working as they should.

It’s also important to be aware of new updates and releases of technology. Sometimes even browser upgrades come with potential vulnerabilities. These can usually be fixed quickly once they are identified–and having a dedicated team in place to keep up with these patches can save you from a potential security incident.

2. Accuracy

Students’ scholastic success depends on the accuracy of their data. Errors in assessments and out-of-sync work create frustration and confusion, and interrupt students’ progress. Inaccurate information also prevents educators from seeing the true picture of students’ successes and challenges, which can prevent students from getting the support they need.

Your technology partners should have a strong privacy policy and controls to restrict access to as few people as possible. Look for the phrase “principle of least privilege.” This is the difference between inviting a hundred strangers to a party or only inviting a handful of people you trust.

Your partners’ systems should all integrate seamlessly and automatically with your student information systems. This ensures that student data reflects the most recent and relevant work, not a draft file from five days ago. The key to achieving this is parallel processing. Look for a provider that can conduct daily data integrations that are shared across multiple servers in a distributed environment.

3. Availability

All systems might occasionally shut down. These can range from small interruptions to complete outages. Therefore, it’s crucial to make sure your information is backed up to protect you from temporary hassles as well as data loss.

Best practices for backup and recovery include utilizing distributed servers (to ensure that no single server represents a single point of failure). Your technology partners should work with you to establish a disaster recovery plan that’s focused on restoring the system and the information in a timely manner.

Your student data is both a means for learning and a resource for measuring success. Protecting your technological world, no matter its size or complexity, will give you peace of mind the next time you hear about a major breach that impacts an educational institution.

Are you protecting health data amid COVID-19 testing and tracking?
https://www.eschoolnews.com/it-leadership/2020/12/08/are-you-protecting-health-data-amid-covid-19-testing-and-tracking/
Tue, 08 Dec 2020 09:50:30 +0000

There’s no point mincing words: School districts and administrators have had a heck of a year. Not only have you been under immense pressure from parents and state officials to reopen schools safely, but your teachers are also understandably concerned about virus transmission. What’s more, your plans keep changing and you’re being forced to adapt.

It’s an uphill battle, and there’s no doubt you’re doing your best. In all the chaos, you’re now responsible for taking temperatures and doing daily COVID-19 screenings, but you may not have had enough time to research screening devices and do sufficient due diligence before welcoming students back through your doors. Unfortunately, making a purchase like this can open you up to risk. Here’s why, and how to mitigate these risks moving forward.

Untested tech, unproven vendors

COVID-19 took the world by surprise, and people have taken a waterfall of reactionary measures ever since. Consumers have bought household goods out of panic, and schools have bought screening devices in much the same way – because they needed to.

You need to reopen your doors, so you need to perform health checks, as well as COVID-19 testing and tracking. It’s understandable that you may have either purchased a device for your school or been given one to install from your district without first undergoing a complete risk assessment.

But these screening devices are largely unproven. Many of them have emerged very recently from vendors that are neither widely known nor trusted. Furthermore, many of them use facial recognition so the technology can connect the dots between the temperatures they’ve taken and whose temperature it is. Do you know how, where, or if that data then gets stored? Whether you have a handheld screening device that looks like a modified cell phone or one that looks like a tablet, you need to understand the associated risks and configure the technology securely.

You’re now handling health data

You’ve always had to manage and protect student data, but as soon as you pull the trigger on a temperature scanner, you’re dealing with sensitive health information. Some people dismiss temperature data as “just a temperature,” but the reality is that this is health data – and it needs to be treated differently than general student records. When you’re handling health data, the complexity and sensitivity are increased significantly.

A lot of COVID-19 testing and tracking devices have a server component to them, so the device sends data to a centralized server system where it’s captured and used for reporting. If someone scans hot, a notification may go out. That notification is then sharing health data. Additionally, many technologies are working to help record contact tracing. This, of course, is another layer of sensitive data, this time about the comings and goings of individuals.

So, consider where the personal information captured by these devices goes. Is it being used by the vendor for purposes aside from COVID-19 testing and tracking? Odds are good that it is (or eventually will be). Also, is it part of your network? If so, there’s a possibility that a cybercriminal could access the network – and all the data. There has been an increase in attacks on COVID-19 testing centers, vaccine development facilities, etc., so it’s not a stretch to imagine this type of data being a target within your own walls.

Assess risk & make plans

If your data, school, or district does get compromised and your screening technology is taken offline, what’s your backup plan? Do you have one? If not, take the time to think through all possible outcomes and what your next moves will be. Whether it’s because of cybercriminals or simply because the technology fails (as all tech does eventually), having contingency processes in place will increase your speed of response and level of security.

For example, if your device fails, will you use a handheld thermometer and record students’ names and temperatures manually? If so, how will you keep that information secure? Or, will you close the building and send kids home? Whatever scenario keeps your students, staff and data safest needs to be properly mapped out in the event it needs to be followed.

If you haven’t yet purchased and implemented a COVID-19 testing and tracking device, first perform a proper risk assessment on both the technology itself and the vendor. Make sure you understand how the device works, what data it’s capturing, where it’s being stored and how that data will be used today or in the future. Then, take steps to deploy it securely. It should be isolated to its own network or segmented to a virtual LAN. You don’t want any unproven, untested technology on your main network or your risks increase dramatically.

If you’ve already purchased and even begun using such a device, retroactively execute a risk assessment – as soon as possible. Then go through the same steps above. You may need to undo and redo its initial configuration in order to make sure it’s secure and on its own network, but it’s worth the time and energy. After all, you don’t get second chances with protecting sensitive student health data.

Best practices for protecting data and keeping online learning secure
https://www.eschoolnews.com/it-leadership/2020/10/21/best-practices-for-protecting-data-and-keeping-online-learning-secure/
Wed, 21 Oct 2020 09:55:11 +0000

As the global pandemic extends into the fall, it’s clear that most schools and universities will continue to rely on online instruction in the near term. However, although online instruction can help minimize health risks, it also introduces heightened security risks and highlights the importance of protecting data.

This was certainly true in corporate environments, where more than 80 percent of companies saw “slightly to considerably more” cyberattack attempts in the first half of 2020. As the threat landscape continues to evolve, higher education will continue to become an increasingly target-rich environment.

To keep their courses and students safe, it’s up to institutions to make cybersecurity top of mind. Robust access control, authentication, data integrity, and content protection are all essential to safeguarding sensitive data and communications. Educators must not only protect sensitive data but take proactive steps to safeguard online communications.

Safeguarding a wealth of personal data

School systems have long been a ripe target for hackers and other bad actors. Many are especially vulnerable to attacks because they lack the security systems and IT resources that corporations and large enterprises utilize. In 2019, ransomware infections impacted more than 500 schools in the U.S. alone. As schools spend more of their limited IT resources building digital classrooms, the threat is likely to grow. Just this past June, hackers took Columbia College student data hostage and threatened to sell it on the dark web.

Most schools host huge volumes of data related to their students, tracking everything from test scores to demographic data, behavior records, financial information and more. To keep this sensitive personal data from falling into the wrong hands, institutions must restrict access and encrypt data, regardless of where it resides.

Protecting data in transit

When it comes to protecting data that’s in transit, you need to secure your website with a TLS/SSL certificate to encrypt information and maximize trust. Three key types of TLS certificates can provide protection, including Organization Validation (OV), Domain Validation (DV) and Extended Validation (EV). EV certificates, the worldwide standard for protecting extremely sensitive data, offer the highest level of authentication. To enable organizations to manage these certificates, certificate authorities (CAs) like DigiCert validate each type of certificate to a specific level of user trust.

Protecting data at rest

With so much personal and financial information residing on-premises at education institutions, protecting data onsite is critical to prohibit hackers from harvesting it. The best way to protect data onsite is to encrypt it at rest. If a hacker were to infiltrate a system that contains encrypted data, it would be worthless.

Safeguarding third-party platforms

Learning management systems (LMS) like Blackboard or Canvas also host a vast array of personal data that is vulnerable to attack. To protect these systems from unauthorized access, two-factor authentication should be mandatory for these systems.

Securing online communications and classrooms

Classroom and online communications like videoconferencing and email platforms are also vulnerable to hackers and other attacks. We’ve all heard the stories of disruptive “Zoombombing” episodes in education and at private enterprises. Although some of these pranks may seem lighthearted, they disrupt and waste valuable classroom time. Establishing role-based accounts, robust access control and frequent re-authentication can help minimize these issues.

Securing school devices

Maintaining control over the devices students use to access learning is a powerful way to enforce security for video collaboration and classwork. However, it also requires mechanisms like Mobile Device Management (MDM). MDM lets you control your devices, security profile and level of access for users from anywhere in the world. When combined with PKI for identity management, it offers a formidable security combination.

Most schools host huge volumes of data related to their students, tracking everything from test scores to demographic data, behavior records, financial information and more. To keep this sensitive personal data from falling into the wrong hands, institutions must restrict access and encrypt data, regardless of where it resides.

Protecting data in transit

When it comes to protecting data that’s in transit, you need to secure your website with a TLS/SSL certificate to encrypt information and maximize trust. Three key types of TLS certificates can provide protection: Organization Validation (OV), Domain Validation (DV) and Extended Validation (EV). EV certificates, the worldwide standard for protecting extremely sensitive data, offer the highest level of authentication. To enable organizations to manage these certificates, certificate authorities (CAs) like DigiCert validate each type of certificate to a specific level of user trust.

Protecting data at rest

With so much personal and financial information residing on-premises at education institutions, protecting data onsite is critical to prevent hackers from harvesting it. The best way to protect data onsite is to encrypt it at rest. If a hacker were to infiltrate a system that contains encrypted data, the data would be worthless to them.

Safeguarding third-party platforms

Learning management systems (LMS) like Blackboard or Canvas also host a vast array of personal data that is vulnerable to attack. To protect these systems from unauthorized access, two-factor authentication should be mandatory.

Securing online communications and classrooms

Classroom and online communications like videoconferencing and email platforms are also vulnerable to hackers and other attacks. We’ve all heard the stories of disruptive “Zoombombing” episodes in education and at private enterprises. Although some of these pranks may seem lighthearted, they disrupt and waste valuable classroom time. Establishing role-based accounts, robust access control and frequent re-authentication can help minimize these issues.

Securing school devices

Maintaining control over the devices students use to access learning is a powerful way to enforce security for video collaboration and classwork. However, it also requires mechanisms like Mobile Device Management (MDM). MDM lets you control your devices, security profile and level of access for users from anywhere in the world. When combined with PKI for identity management, it offers a formidable security combination.

Protecting videoconferencing

As universities and school districts discover more vulnerabilities in their videoconferencing platforms, they are taking proactive steps to make them more secure. For example, the New York City Department of Education recently developed a DOE-licensed version of Zoom. Tailored to the Department’s security standards, it prohibits participants from renaming themselves, blocks private chats and restricts students from controlling screens. Whether you are using Zoom or another video collaboration platform, it’s essential to ensure that only authorized users can access a conference and participate in sharing content.

Safeguarding email

Phishing and other email threats have plagued enterprises for decades, and unfortunately, students are highly vulnerable. Students are subject to the same types of phishing attacks as corporate employees. Although there isn’t necessarily a financial gain, hackers do it for fun and then lock out the real students. Making sure that students cannot accidentally install malware on their devices is key, especially if the laptop or tablet has been issued by the school. Protocols such as S/MIME and security through DMARC certification can help you ensure that your email communications are fully protected.

Securing sensitive documents

The need for security isn’t limited to communications and classroom activities. You’ll also want to protect sensitive documents from individuals who may tamper with report cards, transcripts, or diplomas. Digital document signing lets organizations and individuals incorporate a digital signature in a document to prove their identity. It is more secure than scanned signatures and other methods, never expires and can be customized to meet local legal requirements.

It’s clear that the impact of today’s healthcare crisis will continue to ripple across our education systems for months or even years to come. Educators will have plenty of challenges as they shift to online or hybrids of remote and in-person instruction. With strong security best practices in place, they can gain peace of mind in knowing that their students and institutions will stay safe from attacks—and free up time to focus on delivering the best possible learning experience.

One district’s approach to student data privacy
https://www.eschoolnews.com/it-leadership/2020/08/17/one-districts-approach-to-student-data-privacy/
Mon, 17 Aug 2020 09:55:32 +0000

Every school district is faced with a choice about how to protect student data. As districts have implemented more technology to support digital learning, student data privacy in schools has become a critical issue.

It can be a huge undertaking to vet and manage the privacy policies of all of the online resources used in a district. Even with good intentions, most districts do not have adequate protection and are vulnerable to a data breach. These breaches are becoming more common as districts struggle to keep up with technology.

Related content: 5 ways IT directors handle student data privacy

Here is the story of one district that is doing it right by effectively supporting its student data privacy policy with a comprehensive privacy management tool.

Forsyth County Schools

District administrators and school board members in Georgia’s Forsyth County Schools were committed to data privacy—and with nearly 50,000 students, the district knew protection was of the utmost importance.

District tech leaders actively searched for an enterprise data privacy solution that would allow their teachers and schools to be autonomous in finding and selecting safe applications for use in the classroom. They also knew they wanted a tool that would give local school personnel the ability to independently find online resources that are FERPA and COPPA compliant. These requirements led the district team to EdPrivacy by Education Framework.

Like many districts, Forsyth County Schools does not have a large enough IT staff to conduct the labor-intensive evaluation of every digital tool and learning resource used in classrooms throughout the district. District leaders and school board members needed a comprehensive, cost-effective solution to automate this process, and also needed EdPrivacy to integrate with their SSO solution—Classlink.

Education Framework worked with the district and developed the integration needed for Classlink. Forsyth educators now have access to more than 10,000 digital resources in the EdPrivacy database, and can order a privacy evaluation for new digital tools and programs at any time. New evaluations are provided within 24-48 weekday hours of each request.

Because the EdPrivacy database has an extensive library of approved educational resources, the district has been able to give teachers guidelines and greater latitude in choosing tools and learning resources to support their curriculum, all while protecting student data privacy. Also, the district’s professional development program has spurred adoption and implementation of EdPrivacy throughout the district.

Highlights after EdPrivacy’s first year in Forsyth County Schools include:
• 1,112 teachers are using the system
• 8,356 searches have been completed in the EdPrivacy database
• Users are advocates as they help teachers and administrators use the system
• Vendor privacy policies are vetted and continuously monitored for changes
• Quick turnaround on new edtech privacy vetting requests
• 80 percent ROI on Forsyth’s student data privacy efforts

Forsyth’s ROI for protecting student data privacy

The time spent on vetting the privacy of each online resource varies from 30 minutes for a trained person to multiple hours for an untrained individual. Using 30 minutes as a conservative calculation, Forsyth’s 8,356 searches in the EdPrivacy database saved them the equivalent of two FTE, or two full-time employees, using the district’s average salaries. If the vetting activity averaged an hour each, then the district has saved the equivalent of four full-time employees. After one school year, Forsyth has experienced an 80 percent return on its investment in student data privacy and in EdPrivacy.

In addition to this significant savings, Forsyth employees have confidence that they have ensured the ongoing protection of students’ personally-identifiable information. Forsyth educators benefit from the expanding database of approved digital resources and the monitoring of privacy policies on an ongoing basis. District leaders are notified via automatic updates of any changes in the privacy policies.

School data breaches are becoming more common, and there is an urgency for districts to do everything they can to safeguard student information. This type of 24/7 protection assures districts and school boards that they are providing the most comprehensive protection available for their students’ personal data.

5 truths for building a successful data culture
https://www.eschoolnews.com/article/2019/12/17/5-truths-for-building-a-successful-data-culture/
Tue, 17 Dec 2019 10:00:44 +0000

Whichever assessment practice model you use—be it Response to Intervention (RTI), multi-tiered systems of support (MTSS), or any other—building a positive culture of assessment is the key to success for both students and teachers.

Tech tools alone cannot transform your data culture, but the right knowledge and strong leadership can. We’ve found that schools and districts are most successful if they possess these five common traits.

The school or district has a broad definition of assessment.
The word ‘assessment’ should not be a substitute for the word ‘test’ or ‘grade.’ When teachers, schools, and districts broaden their overall definition of what an assessment can be, teachers are able to get a more complete sense of what a student has learned and where there is still room for improvement. These don’t need to be limited to benchmarking, check-points, or end-of-level tests, and not all assessments factor into a student’s gradebook. Whether it be performance-based evaluations, rubrics, or even a one-on-one conversation about frustrations and successes, think of an assessment as any time you allow a student to demonstrate what they know and don’t know.

Teachers and students do not fear assessments.
When the statistics come back and the data doesn’t show perfect scores or off-the-charts comprehension, many instinctively assume the data is “bad” and shy away from acknowledging what it can illuminate. All data is good data. Even numbers that reflect a less-than-ideal outcome offer an opportunity to improve and address specific student needs. Just as we tell students, take every opportunity to apply what you’ve learned.

Students shouldn’t be afraid to take assessments either. Often, students fall into the trap of seeing every evaluation as a grade that tells them how well they’ve prepared or how “smart” they are. Instead of seeing low scores or numbers and thinking “I can’t do that,” teachers work with students to identify additional learning opportunities and help them reframe the way they see assessments to say, “I can’t do that yet! But I will learn.” Evaluations are opportunities for growth and challenge, rather than a harbinger of doom and gloom.

Teachers should have an understanding that no matter where students are in their learning process, the results of assessments are tools to guide further instruction and evaluate the efficacy of their own teaching. The ultimate goal is to refine programs to best benefit the students and meet them where they are. When students see assessments as ways to show off what they know rather than exposing where they fall short, they’ll be more likely to approach them with a positive outlook geared toward learning and addressing their own knowledge gaps.

Teachers are engaged in conversations and analysis centered on data.
Professional Learning Communities (PLCs) empower teachers with the knowledge and tools to best evaluate student data as a team. From sharing experiences to exchanging resources for growth, teachers make use of PLCs to broaden their own perspectives and create a culture of collaboration. Joining forces with other experienced professionals often paves the way for a more robust program of evaluation (rather than creating competition as some may worry).

No educator is an island. Sharing resources and delivering common assessments on a school- or district-wide scale forms a solid foundation of consistent data and allows teachers to get new eyes on data. Working together, teachers and administrators can collaborate on instructional strategies to create a space for conversations that have a real impact on student learning.

Teachers know how to leverage real-time data to address student needs.
See evaluations as a tool for constructive feedback on all levels to address students’ needs. Many successful teachers use the ITS model: Identify student levels of understanding; Target students for intervention; Self-evaluate your own instruction and efficacy. Breaking down assessment data allows teachers to see the full picture of a student’s understanding on an individualized level. First, find the students that have room for improvement and target their weak spots for extra attention. Then, take the critical step of understanding how you can improve instruction as a teacher.

Data is not just “collected”—it’s used!
If we solicit data from student evaluations, we have a moral obligation to use that data to benefit those students. For example, benchmark data is integrated in the formative process. One example of a technological tool that helps make the most of student data is Instructure’s MasteryConnect. This product has a Benchmark Compare feature that allows educators to have a side-by-side view of students’ formative and benchmark assessment data, allowing them to identify important patterns and trends in student levels of understanding to inform their instruction. Data is always used to differentiate learning and instruction on an individual basis.

Scary evaluations are a thing of the past. Changing our perspective on assessments can take them from a time-consuming necessity to a useful resource to provide pathways to a better future in academia. In a school atmosphere where evaluations are seen as roadmaps for successful learning, teachers and students both win.

Trenton Goble | VP of K12 Learning
Trenton left his position as an elementary school principal in January 2012 to become MasteryConnect’s Chief Academic Officer and Co-Founder. He now serves as VP of K-12 learning at Instructure. During Trenton’s 19-year career as an educator, he taught various grade levels, served as an Assistant Principal, and spent 11 years working as an Elementary School Principal. Trenton holds an M.Ed in Instructional Technology from Utah State University, and he designed the Mastery Leadership Institute to support school and district leaders in implementing successful data strategies and cultures.

How one district handles student data privacy
https://www.eschoolnews.com/it-leadership/2019/10/07/how-one-district-handles-student-data-privacy/
Mon, 07 Oct 2019 10:00:09 +0000

Every school district is faced with a choice about how to protect student data. As districts have implemented more technology to support digital learning, student data privacy in schools has become a critical issue.

It can be a huge undertaking to vet and manage the privacy policies of all of the online resources used in a district. Even with good intentions, most districts do not have adequate protection and are vulnerable to a data breach. These breaches are becoming more common as districts struggle to keep up with technology.

Related content: 5 ways IT directors handle student data privacy

Here is the story of one district that is doing it right by effectively supporting its student data privacy policy with a comprehensive privacy management tool.

Forsyth County Schools

District administrators and school board members in Georgia’s Forsyth County Schools were committed to data privacy—and with nearly 50,000 students, the district knew protection was of the utmost importance.

District tech leaders actively searched for an enterprise data privacy solution that would allow their teachers and schools to be autonomous in finding and selecting safe applications for use in the classroom. They also knew they wanted a tool that would give local school personnel the ability to independently find online resources that are FERPA and COPPA compliant. These requirements led the district team to EdPrivacy by Education Framework.

Like many districts, Forsyth County Schools does not have a large enough IT staff to conduct the labor-intensive evaluation of every digital tool and learning resource used in classrooms throughout the district. District leaders and school board members needed a comprehensive, cost-effective solution to automate this process, and also needed EdPrivacy to integrate with their SSO solution—Classlink.

Education Framework worked with the district and developed the integration needed for Classlink. Forsyth educators now have access to more than 10,000 digital resources in the EdPrivacy database, and can order a privacy evaluation for new digital tools and programs at any time. New evaluations are provided within 24-48 weekday hours of each request.

Because the EdPrivacy database has an extensive library of approved educational resources, the district has been able to give teachers guidelines and greater latitude in choosing tools and learning resources to support their curriculum, all while protecting student data privacy. Also, the district’s professional development program has spurred adoption and implementation of EdPrivacy throughout the district.

Highlights after EdPrivacy’s first year in Forsyth County Schools include:
• 1,112 teachers are using the system
• 8,356 searches have been completed in the EdPrivacy database
• Users are advocates as they help teachers and administrators use the system
• Vendor privacy policies are vetted and continuously monitored for changes
• Quick turnaround on new edtech privacy vetting requests
• 80 percent ROI on Forsyth’s student data privacy efforts

Forsyth’s ROI for protecting student data privacy

The time spent on vetting the privacy of each online resource varies from 30 minutes for a trained person to multiple hours for an untrained individual. Using 30 minutes as a conservative calculation, Forsyth’s 8,356 searches in the EdPrivacy database saved them the equivalent of two FTE, or two full-time employees, using the district’s average salaries. If the vetting activity averaged an hour each, then the district has saved the equivalent of four full-time employees. After one school year, Forsyth has experienced an 80 percent return on its investment in student data privacy and in EdPrivacy.

In addition to this significant savings, Forsyth employees have confidence that they have ensured the ongoing protection of students’ personally-identifiable information. Forsyth educators benefit from the expanding database of approved digital resources and the monitoring of privacy policies on an ongoing basis. District leaders are notified via automatic updates of any changes in the privacy policies.

School data breaches are becoming more common, and there is an urgency for districts to do everything they can to safeguard student information. This type of 24/7 protection assures districts and school boards that they are providing the most comprehensive protection available for their students’ personal data.
