| | NOVEMBER - 20179CIOReviewThe capabilities and resources of IT and technology teams in schools across the U.S. are also varied. Small schools may have very limited staff, or may rely on outside service providers. Technology teams are frequently made up of individuals with more background in education than technology and data security. As it has in the enterprise space, the skillset for CIOs in schools and the public sector is changing; computer securitythe ability to craft and execute a comprehensive policy to organize teams and processes and to respond to threatsis a required skill in today's schools.What's a school to do? Fittingly, since we're talking about schools, it begins with education. Educate students: Children and teens are growing up with social media, online services, and constant access to both personal and school-owned devices. This can put sensitive data at risk. Even though we think of them as "digital natives", knowledge about the threats of data breaches and how to protect their personal information isn't something they're born with; it needs to be taught. But often, even parents and teachers aren't fully aware of the risks.Education should be focused on the whole community. One of the ways the community around Orange County Public Schools is addressing this is by hosting a Data Protection Event, where students, parents, and educators and the community are invited and can learn about the risks as well as how to protect themselves.Educate Teachers, Staff, and Parents: Even a school with a fully staffed security team can't be in every classroom, therefore it's critical to educate and empower teachers. Make sure teachers and school staff understand the risks and the importance of data security so they can reinforce it with every lesson. Ensure your Acceptable Use Policy covers data privacy and security issues and make sure everyone starts the year reading, understanding and discussing it, not just signing it.Reinforce with a Measured take on Discipline: Anyone working in education knows that kids like to push limits and test boundaries. Online services and devices give students new opportunities to do that, and hacking into gradebooks or into a classmate's social media account is common. These "attacks" don't always lead to serious harm and students are simply trying to prove they can do it. It's important that students know, via an Acceptable Use Policy and education, what expectations are and what the response will be to these behaviors.It's also essential that the response should be measured. One of the most effective forms of discipline is having students, (depending on the given situation) who are caught breaching data security policies, work with their school's CIO and security team to share how they accomplished it, why they did it, and to assist with ongoing efforts to protect. At Orange County Public Schools, we are proposing they do presentations and trainings to teach their peers about data security. Work Together: Demand for security professionals across all industries is high, and schools often can't compete to hire a full team with the expertise they need for their unique needs. But that doesn't mean it's a lost cause; rather, it's an opportunity to collaborate to pool resources and knowledge. In our community in Florida, local district security personnel are meeting and working together to discuss security-related issues and share best practices and lessons learned. Even better: if a district has a threat, they don't have the expertise to deal with, they can call on their neighbors for help. This type of community collaboration makes the best use of the personnel and talent a school has, and builds the trust needed to work together on sensitive issues. Nobody is safe from identify theftnot even the youngest students. As CIOs in education, we need to build the best processes we can to protect them with technology, educate them to take action and protect themselves in their day-to-day use of technology, and work together as a community. Not only does this help our schools and students today, it also lets us educate and prepare them to be the security professionals needed in the workforce tomorrow. Jim Pulliam
<
Page 8 |
Page 10 >