Cybersecurity is a high priority in your district but having the resources in place to effectively manage these threats is difficult. The awareness campaigns, policies, and tools that you have in place are important and part of a three-pronged approach to security; people, process and technology.
You have taken all of precautions! You have implemented Student Information Systems (SIS) that provides access granularity based on a legitimate educational interest and implemented data governance polices that provide a framework to manage data as an asset. Yet your student data still became exposed.
Data leaks can happen in many ways. Most are unintentional and without malice. For example, an employee exports student information to a spreadsheet on their device or a USB drive, to work on later, while they are offline. Then they lose the device. It is unprotected and whoever finds it has access to all the information.
Or it can be very intentional. A person with access to Personally Identifiable Information (PII) prints or copies the data to sell later. Or someone without the proper authority was granted access because the SIS was misconfigured. All instances that you would never know about until it is too late. And with student data this can take years to uncover as the breach may not be realized until the student applies for their first credit card.
This is not meant to discuss the risks of using electronic data, but to assist in preventing data leakage. You have probably issued or have been inundated with security briefings, training, and warnings. And your security team (if you are lucky enough to have one) has been overwhelmed with the latest phishing, virus, spamming, DDoS attempts, ransomware and balancing the filter options between appropriate and inappropriate material. There are many tools to help your security team manage the latest threats and you have probably implemented filtering, malware detection and advanced threat protection.
Another tool that is beginning to emerge in the K-12 space to assist in data loss is a Data Loss Prevention and Protection (DLP) solution. Driven by stricter student privacy laws and student identity theft, DLP is tool that allows organizations to monitor who, when and where critical data is sent outside their network. This technology automates, captures, and notifies you when your data may be at risk. It is another layer that is needed to secure our student’s data well past their pre-K through 12th grade experiences.
Debbie Karcher is a Senior Education Advisor for iboss. Before joining iboss she was chief information officer of Miami Dade County Schools, the nation’s fourth-largest school district in the United States. At Miami Dade County Schools Karcher directed the information systems and a network infrastructure that included more than 400 schools and administrative locations with over 390,000 connected devices.
Debbie has spearheaded cost-saving initiatives and system deployments that received worldwide recognition. She has led a wireless initiative that provided campus-wide wireless access to all 400 locations and 30,000 access points making it one of the largest wireless initiatives in the nation.
She has an award-winning background that includes recognition as a nationally-acclaimed executive and a history for setting trends in the K-12 Technology.
To learn more about how to secure large school district networks download our whitepaper "K-12 Cybersecurity Involves More Than Just CIPA Compliance