May 09 2023

Schools Must Take a Two-Pronged Approach to Protect Students and Staff

Admins should look for the right people and tech solutions to ensure physical safety and cybersecurity.

In today’s highly digital learning environment, school leaders must be vigilant in their efforts to keep students safe from physical harm and to keep their data secure online.

K–12 IT teams are increasingly involved in both areas: They’re implementing new tech for physical security and strengthening schools’ cyber protections. Unfortunately, schools face many challenges in their drive to protect students and staff. Limited budgets can hold school admins back from making purchases, and IT staff often don’t have security expertise or the time to undergo training.

MORE ON EDTECH: How can schools bolster cybersecurity on a budget?

Additionally, having the right technologies in place — and a robust IT team to manage them — isn’t always enough to fully secure K–12 schools. Security must be a mindset for everyone on staff at a school. This requires professional development and administrators who prioritize security practices.

Technologies and Training Ensure Appropriate Online Access

When it comes to cybersecurity, most schools aren’t meeting the basic standards of the National Institute of Standards and Technology’s cybersecurity framework. They’re not even near where they need to be. Identity and access management is a big part of the NIST framework, which focuses on five pillars of security: identification, protection, detection, response and recovery.

Click the banner to learn the latest security trends in K-12 by becoming an Insider.

With appropriate IAM controls in place, schools can limit who has access to what information. Unfortunately, with high turnover rates in many K–12 districts, it can be hard for understaffed IT teams to manage access for new and departing employees. And with so many substitute teachers coming and going, it can be difficult to determine who should have access to what, and for how long.

Automated systems and processes can help IT teams manage IAM. Tools like those from Tanium, for instance, help schools with next-generation endpoint security. This ensures the right users have access to the right information. A cafeteria worker, therefore, isn’t accessing student information systems and is instead concentrating on students’ account balances for lunches.

However, even with these protections in place, it’s still imperative to train staff on the importance of cybersecurity and how it works. This can help prevent ransomware attacks. Additionally, teaching students about the risks of a cyberattack can keep them from trying to hack into the school’s network. This can happen for myriad reasons, including a desire to change grades or wreak havoc on the day of a big test.

LEARN MORE: How are students launching cyberattacks against their own districts?

Staying on top of cybersecurity isn’t an easy task, but it helps protect student and staff data from malicious actors.

Technologies and Training Help Manage Access to Schools

As with cybersecurity, there are many tools and solutions districts can put in place to improve physical security — and many challenges preventing them from adopting these technologies.

Some of the best protections for schools are access control systems, which control who can access a building and how they gain entry. Many new K–12 buildings are built with access control in mind; they have double vestibule doors that keep unwanted visitors out. Even older buildings and back doors can be outfitted with keycards and scanners that only authorized staff can use to access the building. Slowing someone down can save lives in a worst-case scenario.

However, all of these protections can be useless without proper training and vigilance.

Administrators must communicate to their secretarial staff who should be let into the building. Teachers must take their badges if they go outside with students rather than propping doors open. And teachers should never hand over their badges to coworkers or students.

These basic security protocols can be difficult to follow when you consider that schools open at 5 or 6 a.m. and can remain open past 11 p.m. with various clubs, activities, sports and events that take place within school walls. Beyond that, there are many people coming and going in a school at any given time. There are delivery drivers, parents, teams, coaches, community members and more who may need access. It takes a disciplined approach to keep complacency at bay.

It may be hard for parents to accept that they can’t just walk into a school building for band practice or to drop off a forgotten lunch. But it’s important to remember that these restrictions are put in place for school safety, and everyone wants students to learn in a secure environment.

This article is part of the “ConnectIT: Bridging the Gap Between Education and Technology” series.

[title]Connect IT: Bridging the Gap Between Education and Technology

FatCamera/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.