Keep Your School from Getting Hooked – Avoid Phishing Scams

Cybersecurity incidents targeting schools and districts have grown exponentially over the last few years and show no signs of stopping. And cyberattacks – especially phishing attacks – on schools have never been higher. Phishing has become one of the most successful types of cyberattacks because it plays on people’s emotions, compelling them to act without thinking.

Cyberattacks Cost Schools Time and Money

Every school district is feeling pressured to improve protection of student data, to train employees and staff to recognize threats, and to prevent cyberattacks before they happen. The cost to districts in terms of time and money is significant. Yet, the cost of inaction is even more so: Schools may be closed for days or weeks; regaining access to data may cost thousands of dollars or more in ransom, and the risk exists that personal data of students and teachers may still be leaked on the dark web. These threats are not something to be taken lightly.

Take Action Now and Protect Your School’s Data

Hackers don’t take a break over the holidays, even though schools do. In fact, cyber criminals typically step up their efforts when they think people are distracted and paying little attention to the insidious methods used to access school networks. Here are some steps you should take to be more cybersecure as you learn more about protecting student data.

Multi-Factor Authentication (MFA)

Hackers achieve the most success when all they have to do is crack a password. Let’s face it: We all reuse passwords, use passwords that are easy to break, and store passwords in our browsers. But if having a password isn’t enough to allow hackers network access because they still need a six-digit code that was sent to a phone, or a code from an authenticator app that has to be accessed from a separate device, then they are stopped in their tracks. Requiring MFA can nearly eliminate the risk of successful phishing attempts.

Employee Training

The single most important effort you can make to protect student data is to provide your staff with ongoing training. The more your staff know about recognizing phishing emails, and the more they are empowered to take action – or not –in response to an email request (whether it’s clicking on a link or providing secure data), the more they can become a frontline defense against phishing.

Let Lumen™ Touch Help Secure Your School

In order to know where you need to make improvements to your cybersecurity strategy, you need to know where your weaknesses are. That’s why Lumen Touch is offering a security audit service for schools: Bright LITE™. 

Our customized service offering provides individuals and organizations with the information and education necessary to efficiently evaluate both the risks and opportunities they face. Email sales@lumentouch.com to schedule your audit. 

Advertisement

Student Data Privacy Tips

As school resumes around the country, student data privacy becomes a primary concern for all administrators and IT leaders. Protecting student data is certainly a top priority, but managing how and where student data is collected, shared, and disseminated can be extremely difficult. It’s easy to overlook federal and regional mandates, easier still to overlook parent and student rights when it comes to data sharing.

So, the question is: How can we make it easy for school districts to protect student data?

The easier it is to protect their data, the more likely it is that schools will be capable of doing so to a degree above and beyond basic compliance. It’s not that schools are negligent or lazy about protecting student data; it’s that there are so many other responsibilities resting on the shoulders of education leaders that it all becomes overwhelming. As student data privacy is so technical in nature, it can often be something that is overlooked without anyone even realizing it.

Student Data Security Problems

Unknown App Usage – One of the biggest challenges associated with protecting student data is in how to control who has access to the data and who has the ability to share it. For example, a teacher might sign up to use an app in the classroom and share student data necessary to use the app. But if that app has not been vetted and approved by the school, then the entire school may be at risk of a data breach should the app have security flaws that go undetected because the administration never knew that the app was in use.

Rogue Apps – Even when the use of an app is approved by the school, districts must be able to track each vendor. It’s not easy to track vendors, let alone understand what they do with the student data they obtain, how they store that data, and whether or not they share it with others. And what happens if the app is no longer in use? Does the provider have suitable data destruction policies?

Federal and State Compliance Requirements – Schools must adhere to specific guidance requirements to comply with federal, state, and local regulations. While these regulatory mandates are the least restrictive in terms of protecting student data, they cannot be ignored.

Best Practices for Student Data Privacy

Managing the safety and privacy of student data requires ongoing monitoring and comprehensive, district-wide policies concerning who can share what information with whom. Depending on the contract with your edtech vendor, your data may be left at risk long after students leave your school. These best practices can help to ensure that your schools are doing all they can to protect student data:

1) Establish student data privacy policies to which all employees in the district must adhere. This should include restrictions on independently sourced apps and edtech solutions, specific permission requirements to share student data, and a system for managing vendors and vendor data privacy policies.

2) Communicate clearly with parents. Under FERPA, schools are allowed to share the following data without direct permission: a student’s name, address, telephone number, date and place of birth, honors and awards, and attendance dates. However, parents are allowed to opt out of that. Most schools do not make a concerted effort to communicate parent rights in this area, which can cause aggravation and mistrust. Clear communication policies should be in place that instruct parents about their rights to restrict the data that is shared about their students. Schools should also make it easy for parents to communicate the desire to opt-out.

3) Develop a cybersecurity strategy that protects your students, teachers, and school from the barrage of cyberattacks that have escalated in the last few years. Firewalls, layers of security, regular monitoring, and off-site back up should all be the norm, as should the training of all employees, to help them recognize cyber threats.

4) Hold vendors to strict security standards and vet them carefully. You should be willing to forego working with an edtech vendor that can’t demonstrate the ability to protect student data. Your policies should ensure that the least amount of student roster data required is provided for any app the district implements, and the policy should restrict or prevent third parties from having direct access to your data without strict oversight.

5) Partner with Lumen™ Touch to meet your student data privacy needs. Bright PASSPORT governs how schools share personally identifiable information (PII), such as student roster data. Rather than allow teachers or school districts to implement apps for their classrooms, Bright PASSPORT provides districts with a library of approved apps that have been properly vetted to meet the required security standards. Learn more.

Does Your School Need a Cybersecurity Audit?

In order to know where you need to make improvements to your cybersecurity strategy, you need to know where your weaknesses are. That’s why Lumen Touch is offering a brand new service for schools: Bright LITE. 

Our customized service offering provides individuals and organizations with the information and education to efficiently evaluate both the risks and opportunities they face. 

Let Lumen Touch help you be more secure with Bright PASSPORT and Bright LITE. To learn more, get in touch.

Download the Bright LITE brochure (PDF)