EDTECH: How can smaller districts prevent attacks, especially if they lack a security staff?
VANCE: The main thing is focusing on human error. So many issues occur entirely because of human error — from including the wrong attachment to clicking on a phishing email — but it also means that people can target those they think have administrative access. The more that districts focus on human error, the more they can mitigate these things.
Any steps are good steps. If schools improve even a little bit, that can help protect them from some of the attacks that will occur. This is a mitigation game, not an elimination game.
Districts should also engage with local CoSN or ISTE chapters because there’s strength in numbers. Regional service agencies can also help districts. There is more federal grant funding available than there used to be, which districts can take advantage of.
EDTECH: What should administrators know about protecting data in a way that maintains FERPA compliance?
VANCE: This is not something that happens overnight. It’s less about the laws and more about crafting a fundamental respect for privacy and understanding at the administrative and teacher level about the things that happen if you don’t respect privacy and security.
I’ve been studying the issue of what training administrators and educators need on privacy. A lot of it goes back to creating a culture of privacy.
It’s not about saying you’re complying with this law. At its core, it’s about being respectful of the data of the children that you’re serving.