Laptops and cloud applications like Google Workspace and Microsoft 365 have become as essential to the school supply list as notebooks, binders, and pencils. Many schools now have a 1:1 model, meaning each student is issued a notebook or tablet device in order to access online learning materials and resources, both in the classroom and at home. Teachers, administrators, and staff members use these cloud-based productivity applications like email, spreadsheets, and word processing. Schools of today simply can’t function without these education-oriented technologies and applications.
But the benefits of collaboration and convenience of cloud technology do not come without risk. Unfortunately, cloud security for education is necessary to protect student and staff information data while keeping everyone safe. Here are 3 reasons why you must include a K-12 cloud security solution on your school’s supply list this year.
While cloud application solutions offer a lot of benefits, they also introduce the risk of exposing personally identifiable information that must be protected.
Child identity theft is on the rise. According to Experian, over 1 million children were victims of identity fraud, costing families north or $540 million in 2017 alone. Because it’s a relatively new trend, parents rarely think to check to see if their children have a credit report. As a result, criminals can get away with running up credit accounts using a child’s identity for years before their credit is flagged—often when that child is applying for student loans or their first credit card.
Schools require a lot of information from parents and students during enrollment, potentially exposing them to significant cybersecurity risks. Administrators have a duty to make sure that information is being secured from both accidental exposure and malicious theft by putting dedicated K-12 cloud security solutions in place.
There are numerous data security and privacy requirements that are mandated by laws and regulations such as the Family Educational Rights and Privacy Act (FERPA); the Children’s Internet Protection Act (CIPA); the Children’s Online Privacy Protection Act (COPPA); the Health Insurance Portability and Accountability Act (HIPAA); and many other state laws and local policies.
As an example of local or regional legislation, ManagedMethods’ own home state of Colorado enacted the Student Data Transparency and Security Act in June of 2016. This act supplements existing laws pertaining to the collection, management, storage, and sharing of Student Personally Identifiable Information (PII). The purpose of this law is to increase the transparency and security of all Student PII that the Colorado Department of Education (CDE) and Local Education Providers (LEPs) collect and maintain.
There can be significant penalties for failure to adequately protect personal and financial data such as payroll information, school financial information, and student personal information. According to the K-12 Cybersecurity Resource Center, there have been more than 350 cybersecurity-related incidents since 2016, many of which exposed personal data. Many of the reported incidents were unintentional mistakes as opposed to outright cyberattacks, meaning well-intentioned people just got careless. Nevertheless, no matter the intention of the breach, the incidents represent dangerous exposures to information.
Schools are now being held accountable for what is happening in students’ personal lives, even off-campus and outside of school hours. This includes bullying by classmates, signs of dangerous and/or violent intentions, and signs of abuse at home.
Clues to these signals often appear in email messages, on social media, and in cloud file-sharing apps like Google Drive or Microsoft OneDrive. With a cloud application security tool in place, it’s possible for staff to monitor content and activity to uncover threats, signs of mental illness or stress, bullying, abuse, and offensive content. Then alerts can be sent and action can be taken to help ensure the well-being of students, faculty, and staff.
For example, during the extensive reviews of past school shootings, it was learned that in some of those events, content hinting at the nature of the events was posted prior to the actual occurrence of the violence. Had technology been implemented to analyze such content, early warning signs could have been flagged, prompting potential intervention.
ManagedMethods can attest to an incident at a high school where three students’ intent to commit suicide was discussed via a shared Google doc. ManagedMethods’ technology, used to routinely scan the school’s Google account, flagged the word “suicide” and alerted school administrators to the plan. An intervention led to getting the kids into counseling sessions and preventing the unthinkable.
Often, school administrators and staff don’t fully understand the serious nature of cloud security within their education technology environment. And we get it—school budgets are tight, and cloud security often expensive and complicated to install and manage. But the rewards of confidently securing your cloud application environment far outweigh the costs. Especially for schools using ManagedMethods’ easy, low-cost, and (most importantly) effective cloud application security solution.