The rapid spread of the coronavirus (COVID-19) is forcing many schools and districts to send staff and faculty home. In the best case scenarios, K-12 leaders are allowing employees to take district equipment off school property with them, such as a laptop or word-processing software that can be operated offsite with relative ease.
In these cases, schools and districts need to have IT asset tracking mechanisms in place to ensure this equipment is accounted for and working properly. Here are six IT asset management best practices for information technology officials to consider.
1. Sign out and track all IT assets that are being taken home. No IT assets should be allowed to leave a school or district site for the first time without formally accounting for each movement.
2. Make sure solid firewall and passcode protections are in place for accessing company systems. Schools that have implemented proper IT asset management procedures will “scale up” to accommodate a shift in traffic from the workplace to remote access.
3. Consider requiring staff and faculty to sign a Non-Disclosure Agreement (NDA) about the data they will have access to outside the office. The data is often significantly more valuable than the IT assets in which it is contained. Vital company information may be at stake and an NDA sends a message to employees that they have serious responsibilities that must be honored and respected.
Related: 13 free K-12 resources during coronavirus pandemic
Related: Expert tips for shifting to online learning during COVID-19
4. Provide education and training to staff and faculty about how to responsibly manage their equipment and the district’s data. For example, parents who are accustomed to allowing a child or spouse to use a personal smartphone or computer must be coached to avoid doing so with district IT assets. School systems may also elect to forbid the use of district IT assets on public Wi-Fi networks, such as coffee shops and fast-food restaurants.
5. Monitor faculty and staff data use and other remote practices. It would be nice to assume everyone will follow the rules and be a team player, but that doesn’t always happen. Any potential for mischief or data abuse may be heightened in a work-from-home environment. Remember that most data breaches are caused by insiders, not outside hackers.
6. Tighten up the reins on Bring Your Own Device (BYOD) practices. The reality is that the longer someone is out of the office, the more likely it is that they will do school or district business on their personal smartphone, computer, tablet or other Bring Your Own Device (BYOD) asset. A device that is BYOD could simply be a personal phone that receives work emails. If the faculty or staff member’s contract or policy language does not give the data rights to the organization, the IT asset manager will need to make an addendum giving the rights to the organization. The employee may own the device, but the work-related data is 100 percent owned by the district.
Barbara Rembiesa is president and CEO of International Association of IT Asset Managers.
