This article was originally published on EdTechMagazine.
Think the responsibility for data security and privacy rests only with IT staff? Think again.
What is your district’s cybersecurity plan? What happens when there is a data breach?
What are the current cybersecurity vulnerabilities that need to be addressed? What are plans for upcoming staff professional development related to cybersecurity? What are the policies and processes for vetting educational apps and software used in the classroom?
Administrators, can you and members of your team, aside from the IT professionals, answer these questions? If not, it’s a problem.
That’s because there is shared responsibility for district cybersecurity, starting at the top. Superintendents are crucial to district cybersecurity efforts. They establish “student data privacy as a priority for the district,” according to the Trusted Learning Environment Seal Program
from the Consortium for School Networking (CoSN)
. They also provide resources, ensure stakeholders such as parents and other community members are informed about the district privacy program, among other things.
It’s no secret that K–12 school districts are not only frequent targets for cyberthieves — a problem exacerbated by their persistent challenges with resources (time, money and personnel). There’s also a point experts frequently make about cybersecurity for K–12 schools and districts: The primary issues start with people
In other words, it’s people who click links in sketchy emails and exhibit haphazard cyberhygiene. People, particularly administrators, also take a hands-off approach to cybersecurity, leaving the bulk of the work — and the concern — to IT pros.
Districts don’t offer regular cybersecurity training to staff. IT teams and curriculum administrators don’t collaborate on digital citizenship instruction for students. Administrators don’t support IT teams’ cybersecurity efforts nor work to create a culture of security
And the problems persist.
Boost Stakeholder Engagement in Cybersecurity
There are numerous ways administrators can break down silos among IT, operations and curriculum for a team approach to cybersecurity. Here are a few examples of ways to get started.
Ask questions and stay informed — and encourage others to do the same. One simple thing administrators, as well as other school leaders and educators, can do is to inform themselves about cybersecurity. This doesn’t mean they need to be technology experts. But they can start by asking questions about relevant procedures and what the current response is to data breaches or other cyber incidents, advised Amy McLaughlin, a CoSN cybersecurity project director, during a session at the 2020 Future of Education Technology Conference in Miami
. (CoSN offers a framework called Building an Effective Technology Team
Administrators could also participate in district threat assessments and offer buy-in as well as other support. As appropriate, include other stakeholders in those conversations.
Vet software and mobile apps used in the classroom. In a 2019 Gallup survey
, 53 percent of teachers reported that their students use digital learning tools every day to learn. About 7 in 10 students said they use such tools outside of school for schoolwork at least a few days a week, Gallup reported. Given the popularity of one-to-one computing initiatives in schools and the proliferation of internet-connected devices, it’s important to be vigilant about the information shared as well as related risks. The education privacy website FerpaSherpa
suggests questions to ask when evaluating an app, website, product or service, such as whether it collects personally identifiable information. Ratings might also be available on sites such as Common Sense Media
Train, support and be vigilant. Send educators, including teachers, to education technology conferences to learn best practices and obtain information they can later share with peers. IT professionals and educators can work together on digital citizenship instruction for students (as well as faculty and staff). Offer regular, progressive training and foster conversations about cybersecurity best practices.
Another good idea is to deploy artificial intelligence. Content filtering tools
, such as those from Lightspeed Systems
, not only help block students’ access to harmful content but also include privacy features that can support protecting sensitive information.
Costs and Benefits of Investing in Cybersafety
Understand that cybersecurity affects all areas of a district and school, from networking and payroll to the classroom. There also are regulatory concerns, such as FERPA, and an increasing number of laws pertaining to data privacy and security.
Last year, at least 43 states and Puerto Rico “introduced or considered close to 300 bills or resolutions that deal significantly with cybersecurity,” according to the National Conference of State Legislatures
. Georgia lawmakers, for example, approved appropriations for cybersecurity training and related initiatives in schools, according to NCSL.
Schools and districts can’t afford to be lax about security. That’s true because of the costs of mitigating breaches, lost instruction time, damaged or compromised data as well as taking a blow in terms of public perception and trust.
Investing in a team approach to cybersafety now will pay off in the long run.