Data breach: 6 ways to defend sensitive school data

More than 28 million education records have been leaked in 1,851 cases since 2005.
Tim Chadwick
Tim Chadwick
Tim Chadwick is the chief information security officer for LINQ. He has 22 years of experience in the IT industry, with the majority of that time spent working with K12 schools and school districts

“Data breach” is one of the scariest phrases a school administrator can hear on any given day. The idea that sensitive information pertaining to students and staff has been leaked can be a chilling (and expensive) problem for district leaders.

Yet those words are being heard more often as data breaches involving schools continue to pile up. More than 28 million education records have been leaked in 1,851 cases since 2005. One leak affected 37 school districts in six states, including hundreds of New York City schools.

Technology provides a myriad of benefits to educators and students—but vulnerabilities can put districts at risk for malicious attacks. With the right measures in place, K-12 leaders can limit the risk of security incidents and keep information secure.

Here are six best practices that can be used to craft a comprehensive security plan for your school or district.

1. Use the cloud

The first decision your district needs to make is how to store the data you have. It may seem counter-intuitive to use the cloud to store your data, but cloud architectures have a uniform application of defense and are constantly logging and monitoring activity.

Storing sensitive information in USB drives, Excel sheets and similar unsecure tools can make it difficult for K-12 leaders to monitor who has access to student data. The cloud supports data encryption, so only authorized users can gain entry—it also mitigates the impact of a power loss, fire or natural disaster.

2. Restrict access to data

Among many other benefits, cloud-stored data makes it easy for K-12 leaders to share and restrict access.

FETC 2023

The Future of Education Technology® Conference takes place live and in-person Jan. 23-26, 2023, in New Orleans. Register now!

Passwords are a key piece of this puzzle—school and district leaders must educate staff on the importance of creating strong passwords and using multi-factor authentication. While this might seem onerous to some staff members, the benefits far outweigh the extra step—multifactor authentication can help prevent 80% to 90% of cyberattacks.

3. Train staff properly

As we all know, the past exposure, training and knowledge of technology vary greatly among school staff. Ensuring that a school community understands not only the importance of digital security but are trained in the common ways cybercriminals act and access school networks to bridge potential gaps in knowledge and streamline training is critical.

More from DA: Disregard this message—Hacker shares X-rated image in Seesaw app 

K-12 leaders must maintain some autonomy over what programs staff are using. When the pandemic pushed education online, educators quickly pivoted to Zoom, and relied on a variety of apps and digital tools to support learning. While this flexibility was necessary, it is also important that the programs being used are safe, and that the vendors can be trusted. K-12 leaders should work in partnership with teachers to determine which solutions are effective and secure.

4. Plan for data breaches

Even with protective measures in place, data can still be breached. Having a contingency plan in place can help districts respond quickly, maintain control, and minimize the impact of a breach. Of course, any incident response plan needs to be tested and updated as threats get increasingly more complex.

5. Budget for network protection

School dollars are always stretched thin but skimping on security can cost much more than the price tag for prevention. The money to secure your network should be considered a part of the entire project, not a separate add-on that could be subject to cost-cutting. Create dynamic, behavior-based detection software and use firewalls and encrypted data storage to further solidify your network.

6. Communicate your plan to students and parents

It’s easy to explain your network security plan to staff, especially when warning them of various scams and helping them set up multi-factor authorization. However, K-12 leaders must also remember to include students and families in the conversation.

Technology was already a valuable resource for teachers and students before the pandemic—and the rapid shift to remote learning greatly accelerated tech adoption in districts. By following the best practices outlined above, K-12 leaders can ensure educators and students have the resources they need to be successful—and most importantly, they can keep their data safe.

Most Popular