It’s back-to-school season and while students and their families shop for new clothes, backpacks and school supplies, teachers and administrators are also busy outfitting their schools with tools to support a productive and safe school year. There’s no question technology is a core component for creating powerful learning environments. Seventy-five percent of teachers today use technology in their classrooms on a daily basis. But with technology adoption comes risks to teachers, staff, and students that must not be overlooked.
While cybersecurity is a constant challenge for any industry, the education sector is particularly hard hit. According to Verizon’s 2017 Data Breach Investigations Report, the number of total security incidents in the education sector outranked both healthcare and retail. This is partly due to limited school funding and the fact school district networks house a variety of sensitive information including credit card numbers, Social Security numbers, and sometimes even medical information.
Data breaches, ransomware and student misuse, whether intentional or not, all contribute to insecurity within K-12. Regardless of the type or severity of attack, it’s clear that educational institutions need to have a strategy in place for minimizing the potential of a security breach as well as a recovery plan for after one hits. While there is no one-size-fits-all solution for combating threats, investing in the right tools and crafting appropriate processes or procedures can significantly reduce their impact.
Another challenge that comes along with the digital transformation of the classroom is the inability for school districts to demonstrate that technology is having a real impact on learning outcomes, which in turn impacts their ability to secure new investment in the near future. If you can’t prove devices are being used effectively and that they improve student performance, securing future technology investments is virtually a leap of faith.
Here are five key best practices that foster a safe and effective learning environment for students and staff along with some useful tips from our education customers.
- Promote awareness. As technology continues to evolve, so will the number of risks and cybersecurity issues. You need to constantly refresh your IT staff on the latest policies, procedures, and compliance regulations to make sure they remain up to date. Teachers and parents must also work together to highlight and enforce the 9 Pillars of Digital Citizenship with students. These pillars include information on basic digital literacy, rights and responsibilities, online safety awareness, password protection and appropriate usage. For example, one of our customers has posters throughout their different campuses and stickers on their computers, promoting best practices and deterring criminals by making it very clear that all devices are protected.
- Set strict guidelines and policies. Make sure your IT team sets clear usage policies and strictly enforces them. For example, you might require teachers to have security software installed on their devices. Closely monitor how students and staff use devices and apps, both on and off the school’s network. For example, one of our high school district customers issues a comprehensive policy for staff that outlines regulations for how technology should be used responsibly to support their teaching programs. The district also has an acceptable technology use document that students and parents are required to review and sign annually.
- Correlate student performance with appropriate use of technology. Your school district has purchased devices for the students and staff, but how you hold the users accountable for them is a different story. Your IT staff needs to be able to tell whether school-owned devices are being used for the intended purposes or if they are sitting in a drawer, on or off the school´s network. Then this information can be compared to academic performance at the student, teacher, classroom or even school level, to ensure consistent results across the district.
- Protect sensitive data. With ransomware attacks on the rise, perform regular backups of all critical information to limit the impact of a data breach. Ideally, all devices should be encrypted at all times and should not contain any sensitive data or have unauthorized software installed that the user is not allowed to access to do their job. For example, thousands of our customers routinely scan for credit card information, other sensitive data or unauthorized apps, and check encryption status on all devices.
- Build an incident-response playbook. More schools and IT departments are integrating cybercrime response into their school’s crisis plan so that students and staff can be educated and prepared if and when a crisis occurs. These plans should serve as living documents that include initial response proposals as well as long-term plans, and also be accompanied by tools that allow your IT staff to gain operational efficiencies to ensure a quick response. For example, if a device is reported lost or stolen, your IT staff should be able to confirm that the device was encrypted at the time of the incident, or remotely wipe it or lock it down to render it useless until it is recovered.
While K-12 schools will continue to be a top target for cyber threats in this and future school years, focusing on basic cybersecurity practices and investing in the right technology and procedures will help prevent staff, teachers, and students from becoming victims of the next major data breach.
Learn how top performing schools use Absolute to empower safe, smart and secure learning environments on Absolute.com and watch our video about Santa Margarita High School, winner of our 2018 Trailblazer Award.