In today’s world where hacking and other forms of cyber-attacks abound, it isn’t enough to simply expect that the IT staff has data security under control. According to the White House Council of Economic Advisors, in 2016, cyber threats costs the U.S. economy between $57 and $100 billion. The same document articulated that “cybersecurity is a common good.” Schools are not immune, and a recent review of a dark web marketplace by Flashpoint for access to compromised Remote Desktop Protocol servers proved that. Two-thirds of the server information available was from educational entities.
School district leaders needs to be proactive in asking the following questions to ensure that data security is being taken seriously. Are realistic safeguards in place to protect student and staff privacy? Can your district recover data in the case of an emergency or disaster?
Question 1: Are your password procedures up to speed?
Password and account security needs to be ramped up. Required password changes should be implemented at least each semester, if not every 90 days. IT staff are often hesitant to require such changes as staff grumble about this and take up a great amount of help desk time when changes are required. Leadership should try to insulate the IT staff from these types of complaints and at the same time ensure that strong password policies are in place. Passwords are moving toward a dozen characters and reQu1ring! the inclusion of capital letters, numbers, and special characters. Make sure no one shares their passwords with anyone—not even their trusted assistant.