These security best practices can help school stakeholders keep the focus on teaching and learning.
A school's most important priority is to facilitate learning. But creating an environment that stimulates learning while also protecting students and staff requires that attention be paid to people, property and data.
Because technology is now central to every student's learning process and every school's operation, we must manage all of the risks that students and staff face in the digital age. Besides addressing personal safety issues, we must protect our systems and data from accidental or deliberate intrusion, be it from internal or external sources. We also must ensure that our schools' learning goals aren't blocked, their operations aren't disrupted and their public support isn't undermined.
Taking the Lead
John Bailey, former director of educational technology for the U.S. Department of Education, once identified these four key objectives for every school security plan: to protect data; to prevent misuse of resources; to prevent interruption of operations; and to keep students safe.
Every year, schools collect data about student performance, as well as personal, health and financial information. A school's obligation to protect it isn't just a matter of integrity; we're legally required to do so.
Our networks are designed to promote learning within and beyond school walls. But without strong security, network resources can be used to launch denial-of-service attacks against others, to spread viruses, for personal business and for other inappropriate activities. If our technology systems aren't functioning, they aren't adding value. Without security, the task of keeping things running will quickly overwhelm the resources districts are able to deploy – leaving less time and money for teaching, learning and administrative functions and activities.
What's more, parents trust us to keep their children safe during the hours that they are in our care. This responsibility includes their physical and online safety. As we increase our reliance on technology, this requirement takes on greater significance.
The Consortium for School Networking recently released tools to help schools understand where they are in the security process, what they need to do to address security issues and the steps they can take to achieve a more secure environment. They are divided into four areas of importance: management, technology, end users and business continuity.
To successfully protect their networks, data and users, schools must put in place a management plan that clearly defines security strategies and processes. This means identifying and training the security team, dedicating the appropriate funding to security initiatives and giving personnel the resources they need to provide a security system with high reliability.
It's also important to understand legal compliance issues concerning schools' relationships with their networks and data, and to have clear plans for implementing district policies. When stakeholders believe that the IT system is adding value to teaching and learning goals, they are more likely to accept the inconveniences that come with following security practices and to give IT staff the resources they need to put it into practice.
Network attacks are increasing at an alarming rate. It's important, therefore, to establish a strong perimeter. School IT leaders must secure their wide area and local area networks by ensuring that only authorized users have access. Authentication also can help prevent unauthorized parties from accessing sensitive information.
It's easier to use and manage network resources effectively if hardware and software are standardized, so make that a goal. Backups should be scheduled frequently. Also monitor and test systems regularly to maintain reliability. Remember, too, that your systems may be at risk if your vendors have holes in their security.
Make users active participants in the security process. Enforcing strong password policies is critical. Monitoring software installations also can maximize efficiencies and assure legality and system compatibility.
Putting the appropriate technologies in place is only part of the equation. Informing school staff through ongoing professional development of the importance of their role in maintaining security can help build a community of trust that will support the safety mission and encourage the use of network resources.
Security breaches often occur by accident when uninformed users leave open programs they aren't using or fail to protect passwords. We must provide a safe environment for students and staff, but they, too, must understand their roles and responsibilities. Do this by teaching them about the ethics and legalities of digital citizenship.
As more students and staff acquire mobile computing devices, pressure will mount for school IT leaders to open their networks to accommodate these tools. Establishing policies and educating users about appropriate use will help schools successfully support these additional devices.
As schools develop crisis preparedness plans, they must focus on the key role technology plays. Continuity of operations includes looking at physical and environmental issues to prevent and work around service disruptions. But it also involves training, responding and rebuilding as necessary.
The Bottom Line
Schools must be diligent, informed and consistent in ensuring that their technical systems are installed, updated, tested and monitored. Users must know their role in the process, and administrators must understand the financial and legal requirements of maintaining a safe system.
Linda Sharp is project director of the Consortium for School Networking's Cyber Security for the Digital District Leadership Initiative.
The Consortium for School Networking's Cyber Security for the Digital District Leadership Initiative provides information and tools to help school technology leaders analyze their network's current security status in comparison with other districts and against industry best practices, validating what they are doing well and giving them insight into how risk can be further reduced. The initiative also offers strategies for developing and implementing a cost-effective action plan to strengthen security and handle crises, as well as guidance for communicating the importance of security to the school community.
CoSN members can access a new Cyber Security Toolkit designed to help education leaders determine where their school is in the process and take steps to ensure that their environment is safe and their security plan is complete. To learn more, visit cosn.org/cybersecurity.