Technology is no longer a complementary tool in the classroom; it’s the primary operational hub for education. Case in point: Ed tech adoption in K—12 grew by 99 percent in 2022. Yet, this rapid development has come with cybersecurity and data privacy concerns that call for better policy compliance and security enforcement from third-party apps and ed tech vendors.
Despite the risks, digital learning software has allowed teachers to create repositories of course content for students to revisit at any time. It has also helped teachers build hyper-individualized education plans for children with special needs and create interactive content to engage students in a richer learning program.
Click the banner to learn the latest security trends in K-12 by becoming an Insider.
Despite these benefits, improper implementation of e-learning can tarnish its advantages and make it a cumbersome approach to teaching. Consequences range from data breaches to a lack of data interoperability, software misconfigurations and slow adoption by teachers and students.
However, by following a few best practices, districts can avoid the hazards and help everyone reap the benefits of online educational software. Let’s explore four pitfalls to avoid:
1. Failing to Thoroughly Review Student Data Vendor Policies
A recent report showed that third-party access to data and networks was directly linked to cyberattacks, with schools accounting for 13 percent of the organizations polled. Only 36 percent of respondents were aware of which parties had access to what data, internally and externally, which is one of the main issues when implementing digital learning software.
Districts must keep an eye on third-party use of school resources, particularly when it comes to students’ data. For example, students might sign up for gaming, lifestyle and shopping apps with their school email, opening the door to data breaches. Without a tool to control unsanctioned app and data use, security policies are just words on paper.
Schools should also ensure their software vendors have specific language regarding the Children’s Online Privacy Protection Act in their privacy policies. Here, it’s paramount to know two things from vendors: Who within the software company has access to the school’s data, and under what circumstances can they access it? For example, many vendors access customer data only when IT teams provide explicit permission with a support ticket.
Do not use software companies that claim their infrastructure security certifications and practices are confidential. Vendors should always disclose this information to schools that wish to know how they safeguard data. Keep in mind that having certifications like the Student Privacy Pledge, although legally binding, only outlines existing laws; they don’t assess a vendor’s actual security policies.
EXPLORE: How application analysis can students and prevent cyberattacks.
2. Ignoring Tried-and-True Tools to Secure the School Network
No matter how secure schools make their networks, they will always be prone to cyberattacks. Ultimately, safety comes down to the IT team’s budget and its ability to monitor and control networks on an ongoing basis.
School districts can use the following tools to lessen the chances of a cyberattack:
- Endpoint management provides real-time visibility into which devices have access to the network, allowing for virus scans and easy patching.
- Cloud security helps control unauthorized access to data and prevents data loss from cyberattacks, such as ransomware. Many districts use programs such as Google Workspace or Microsoft 365.
- Network monitoring tools alert admins to anomalies and performance issues on the district’s network.
3. Failing to Select Software That Integrates with In-House Systems
Often, staff and teachers export a lot of information into spreadsheets, then save it in the cloud and import the data into other systems. This manual data handling can easily expose files containing sensitive, personally identifiable information. Although free tools can be great for the classroom, they don’t often integrate well with in-house systems and can create interoperability issues.
It’s helpful to use vetted applications because unifying operations is what they do best. Applications from trusted and reliable vendors integrate well with other systems, so it’s better to spend what’s needed to ensure data safety throughout the network and avoid staff time spent managing various apps and their data.
For K–12, Project Unicorn is a relatively new organization that helps districts achieve interoperability, offering resources such as interoperability certification and a free rubric that schools can use to help evaluate vendors.
RELATED: Why more schools should implement single sign-on.
4. Failing to Train Primary Users on How to Properly Use the Software
Software implementation doesn’t end when it’s acquired: Everyone must be ready to use it. To ensure this, districts and their IT teams should work directly with the primary users. If it’s classroom tech, include instructional technology, teachers and principals in the purchasing decision, implementation and training processes. If it’s software for the business office, involve the head of staff.
The bottom line: School districts are responsible for vetting the digital learning software that accesses student data, as well as the vendors that provide it. Ensuring proper use, privacy compliance and interoperability will make for a seamless transition and secure implementation. By following these suggestions, the many advantages of ed tech will shine in the classroom, making it a gain rather than a burden.