Tag Archives: cybersecurity

Keep Your School from Getting Hooked – Avoid Phishing Scams

Posted on by
Reply

Cybersecurity incidents targeting schools and districts have grown exponentially over the last few years and show no signs of stopping. And cyberattacks – especially phishing attacks – on schools have never been higher. Phishing has become one of the most successful types of cyberattacks because it plays on people’s emotions, compelling them to act without thinking.

Cyberattacks Cost Schools Time and Money

Every school district is feeling pressured to improve protection of student data, to train employees and staff to recognize threats, and to prevent cyberattacks before they happen. The cost to districts in terms of time and money is significant. Yet, the cost of inaction is even more so: Schools may be closed for days or weeks; regaining access to data may cost thousands of dollars or more in ransom, and the risk exists that personal data of students and teachers may still be leaked on the dark web. These threats are not something to be taken lightly.

Take Action Now and Protect Your School’s Data

Hackers don’t take a break over the holidays, even though schools do. In fact, cyber criminals typically step up their efforts when they think people are distracted and paying little attention to the insidious methods used to access school networks. Here are some steps you should take to be more cybersecure as you learn more about protecting student data.

Multi-Factor Authentication (MFA)

Hackers achieve the most success when all they have to do is crack a password. Let’s face it: We all reuse passwords, use passwords that are easy to break, and store passwords in our browsers. But if having a password isn’t enough to allow hackers network access because they still need a six-digit code that was sent to a phone, or a code from an authenticator app that has to be accessed from a separate device, then they are stopped in their tracks. Requiring MFA can nearly eliminate the risk of successful phishing attempts.

Employee Training

The single most important effort you can make to protect student data is to provide your staff with ongoing training. The more your staff know about recognizing phishing emails, and the more they are empowered to take action – or not –in response to an email request (whether it’s clicking on a link or providing secure data), the more they can become a frontline defense against phishing.

Let Lumen™ Touch Help Secure Your School

In order to know where you need to make improvements to your cybersecurity strategy, you need to know where your weaknesses are. That’s why Lumen Touch is offering a security audit service for schools: Bright LITE™

Our customized service offering provides individuals and organizations with the information and education necessary to efficiently evaluate both the risks and opportunities they face. Email sales@lumentouch.com to schedule your audit. 

3 Cybersecurity Teachings to Make Your School Cyber Safe

Posted on by
Reply

Some students have already returned to the classroom. Over the next few weeks, the halls of schools around the country will be filled with the sounds of laughter and chaos as the rest of students return. To prepare for the new school year, school districts have been working hard to have in place everything from the right technology to the right staff. But there are three back-to-school goals every school should have in order to ensure cyber safety and peace of mind for students, staff, and parents.

Improve School Cybersecurity

According to The State of Ransomware in Education 2022 report from Sophos,

  • Ransomware attacks on (K-12) education have increased 56%
  • K-12 schools struggle to thwart ransomware attacks, with 72% of attacks being successful
  • 45% of K-12 schools that have experienced an attack paid the ransom to retrieve their encrypted data, with a very small percentage of them actually getting back the entirety of their data.
  • K-12 schools spent $1.58 million on ransoms and data recovery last year

Take Action: In order to know where you need to make improvements to your cybersecurity strategy, you need to know where your weaknesses are. That’s why Lumen™ Touch is offering a cybersecurity audit service for schools: Bright LITE. Our customized service offering provides individuals and organizations with the necessary information and education to efficiently evaluate both the risks and opportunities they face.  Download the Bright LITE brochure (PDF)

Protect Student Data

Every year, districts choose new technology solutions that will help deliver the right curriculum to their students. With those choices come concerns about rostering student data multiple times to a variety of different vendors. It can be cost- and time-prohibitive to vet each vendor.

Take Action: Bright PASSPORT governs how schools share personally identifiable information (PII), such as student roster data. Rather than allow teachers or school districts to implement apps for their classrooms as they see fit, thereby increasing cyber risk in the schools, Bright PASSPORT provides districts with a library of approved apps that have been properly vetted to meet the required security standards. Partner with Lumen Touch to meet your student data privacy needs.

Become a Smart, Connected District

smart, connected school district requires:

A comprehensive school management tool that includes:

  • Online registration
  • Attendance
  • Discipline
  • Nutrition services
  • Health and wellness
  • Truancy
  • Transportation
  • Fees, fines, and point of sale

A secure database with built-in backup and recovery

A comprehensive teaching and learning system that includes:

  • Curriculum and assessment
  • Scheduling
  • Grade reports and transcripts
  • Learning management system
  • After-school programs
  • Diploma tracking

Real-time reporting:

  • Any data, anywhere
  • State reporting
  • Customized reports
  • Real-time goal tracking

Communication tools:

  • Customized user portals
  • Instant messaging
  • Email
  • Personalized content

Comprehensive support, including train the trainer

Take Action: Lumen Touch Bright SUITE® provides districts with everything they need to deliver a better educational experience from start to finish. A one-stop-shop for schools, Bright SUITE incorporates everything a district needs, from a learning management system to student information systems to health-and-safety monitoring and reporting. With distinctive modules for special education, a full edtech solution library, and modules for teacher professional development, Bright SUITE is an all-in-one enterprise management solution that not only allows districts to save money, but it also creates a secure and connected school district with real-time data that lets educators make the best decisions for all students. Learn more.

Student Data Privacy Tips

Posted on by
1

As school resumes around the country, student data privacy becomes a primary concern for all administrators and IT leaders. Protecting student data is certainly a top priority, but managing how and where student data is collected, shared, and disseminated can be extremely difficult. It’s easy to overlook federal and regional mandates, easier still to overlook parent and student rights when it comes to data sharing.

So, the question is: How can we make it easy for school districts to protect student data?

The easier it is to protect their data, the more likely it is that schools will be capable of doing so to a degree above and beyond basic compliance. It’s not that schools are negligent or lazy about protecting student data; it’s that there are so many other responsibilities resting on the shoulders of education leaders that it all becomes overwhelming. As student data privacy is so technical in nature, it can often be something that is overlooked without anyone even realizing it.

Student Data Security Problems

Unknown App Usage – One of the biggest challenges associated with protecting student data is in how to control who has access to the data and who has the ability to share it. For example, a teacher might sign up to use an app in the classroom and share student data necessary to use the app. But if that app has not been vetted and approved by the school, then the entire school may be at risk of a data breach should the app have security flaws that go undetected because the administration never knew that the app was in use.

Rogue Apps – Even when the use of an app is approved by the school, districts must be able to track each vendor. It’s not easy to track vendors, let alone understand what they do with the student data they obtain, how they store that data, and whether or not they share it with others. And what happens if the app is no longer in use? Does the provider have suitable data destruction policies?

Federal and State Compliance Requirements – Schools must adhere to specific guidance requirements to comply with federal, state, and local regulations. While these regulatory mandates are the least restrictive in terms of protecting student data, they cannot be ignored.

Best Practices for Student Data Privacy

Managing the safety and privacy of student data requires ongoing monitoring and comprehensive, district-wide policies concerning who can share what information with whom. Depending on the contract with your edtech vendor, your data may be left at risk long after students leave your school. These best practices can help to ensure that your schools are doing all they can to protect student data:

1) Establish student data privacy policies to which all employees in the district must adhere. This should include restrictions on independently sourced apps and edtech solutions, specific permission requirements to share student data, and a system for managing vendors and vendor data privacy policies.

2) Communicate clearly with parents. Under FERPA, schools are allowed to share the following data without direct permission: a student’s name, address, telephone number, date and place of birth, honors and awards, and attendance dates. However, parents are allowed to opt out of that. Most schools do not make a concerted effort to communicate parent rights in this area, which can cause aggravation and mistrust. Clear communication policies should be in place that instruct parents about their rights to restrict the data that is shared about their students. Schools should also make it easy for parents to communicate the desire to opt-out.

3) Develop a cybersecurity strategy that protects your students, teachers, and school from the barrage of cyberattacks that have escalated in the last few years. Firewalls, layers of security, regular monitoring, and off-site back up should all be the norm, as should the training of all employees, to help them recognize cyber threats.

4) Hold vendors to strict security standards and vet them carefully. You should be willing to forego working with an edtech vendor that can’t demonstrate the ability to protect student data. Your policies should ensure that the least amount of student roster data required is provided for any app the district implements, and the policy should restrict or prevent third parties from having direct access to your data without strict oversight.

5) Partner with Lumen™ Touch to meet your student data privacy needs. Bright PASSPORT governs how schools share personally identifiable information (PII), such as student roster data. Rather than allow teachers or school districts to implement apps for their classrooms, Bright PASSPORT provides districts with a library of approved apps that have been properly vetted to meet the required security standards. Learn more.

Does Your School Need a Cybersecurity Audit?

In order to know where you need to make improvements to your cybersecurity strategy, you need to know where your weaknesses are. That’s why Lumen Touch is offering a brand new service for schools: Bright LITE

Our customized service offering provides individuals and organizations with the information and education to efficiently evaluate both the risks and opportunities they face. 

Let Lumen Touch help you be more secure with Bright PASSPORT and Bright LITE. To learn more, get in touch.

Download the Bright LITE brochure (PDF)