Why You Must Ask about Cyber-security
Technology, they said, would make our lives easier. In some respects, it has. In others, technology has created challenges that schools and communities must address. One of the biggest threats to safety at any school is cyber-security.
Who’s got your child’s data, and what will they do with it?
Data breaches from outside agents
You might expect that your child’s school would vet any vendor wanting to collect your child’s personal data, such as SSNs and your family information. Most schools do a good job of it. They purchase software from reputable edtech companies with robust cybersecurity measures. Administrators check contracts for details about how data is collected, masked, and disposed of.
Unfortunately, not all edtech companies are as conscientious about data protection as you might hope. They may say they purge personally identifiable information each year, but there’s no way to tell.
Additionally, teachers may bring in apps not yet approved by the IT department. These apps could be Trojan horses that hope to collect student information and then disappear.
The people you trust
Your child’s private data could fall into the wrong hands through carelessness, too. School employees with almost unlimited access to data could compromise your child’s data. It’s unlikely that teachers would sell your child’s data. The payoff for such an illegal act isn’t worth the sacrifices made to get a degree and professional teaching certifications.
However, how many teachers take work home with them? They sometimes carry bags of homework and books, but it’s much easier and more convenient to slip a USB stick containing personal information into a pocket or purse. That tiny device can fall out at a gas station or restaurant, and suddenly, your child’s personally identifiable information is in the wrong hands. The teacher who was hoping to catch up on grades or analyze the latest test result has not committed a data breach.
Areas to review at your child’s school
Just like you would ask about fire prevention and safety, you should also inquire into cyber-security protocols at your school. Request a parent meeting to discuss cyber-security measures that the district and campus take. Specifically, look for strategies likes these:
· Teacher and employee training. The law is clear about who may and may not access student information. Only those with an instructional need may view confidential student data. Teachers, aides, and even administrators fall in the category. Custodians do not. The campus must provide training on how to handle data and report lost files.
· Risk analysis. The IT department should review all software programs for data integrity and compliance with cyber-security standards. Those that do not make the grade must be disallowed.
· Cloud storage vs. USB portability. USB sticks are handy, but they get lost easily. A safer alternative is cloud storage. Teachers upload files into the cloud and retrieve them from another device. However, the district and school should have a policy that employees cannot view and download cloud-based data on public WiFi networks, such as those at coffee shops and airports.
Cyber-security is a concern for every school and university. The risks of not addressing personal data safety are great, but they can be minimized and sometimes eliminated. It will happen when parents and schools work together to protect our children.