By NEIL ZOLOT
WAKEFIELD – Computers, the Internet and technology are all conveniences of modern life, but have a set of problems all their own. Along with instant access to information and the ease of communication around the globe comes a lack of privacy and security of information.
Institutions as well as individuals are subject to issues of cyber security, including and maybe particularly school systems where thousands of students, teachers and administrators are using computers and the Internet almost every minute of every day.
With that in mind, the school system’s Technology Department recently underwent an evaluation of its security protocols, aided by consultants San Diego based Cybermotiv. “It’s not just about hardware, but people, policy and procedure,” Technology Director Jeff Weiner said at the School Committee meeting Tuesday, November 15. “We learned a lot and found out a lot, but I can’t go into too much detail or it would compromise our security.”
The assessment included interviewing technology staff to determine levels of compliance with protocols, scanning systems for vulnerabilities, creating and/or updating policy documents and formulating a 2-3 year roadmap of action, the order of which was determined by levels of risk and costs of developing programs to remediate risk.
A list of 18 controls include inventory and control of software; data protection; access management; vulnerability management; e-mail and web browser protection; defense against malware; network management, monitoring and defense; security awareness and skill training, penetration testing and incident response management.
Protective measures include implementing robust security protocols and training to mitigate potential threats to foster a team-oriented approach to protect against cyber threats. “A huge part of cybersecurity is education,” Weiner said. “Awareness is key to ensure school staff members are aware of cybersecurity risks to make informed decisions.”
Common security risks include phishing and contact ransomware or malware. Phishing is an inquiry from an entity looking for personal information, often seen on Facebook as a fun exercise asking people about their elementary school, first car or concert they attended, which are often used as security passwords at banks, other financial institutions or computer networks.
Ransomware or malware are programs that permanently or temporarily block access to computer use or data unless a ransom is paid or a bogus security system is bought. “The hold data hostage to get money,” Weiner explained. “School systems have been attacked.
Acquiescing to ransomware or accessing other programs online can invite viruses that corrupt systems. “Someone can send e-mails that look official,” Weiner added. “If someone clicks on something they shouldn’t, we want to know who to inform and educate them. It’s not a ‘gotcha’ and will be part of our training. You can’t block everything, but you want to tell people it may not be the best thing to do.”
Another issue using third party vendors and service providers. “We may know what our systems look like, but not the other systems and your security is only as good as theirs,” Weiner said.
Security assessment is not an annual exercise, but, rather, ongoing. “You do it constantly,” Weiner said. “When you do continuous monitoring, you’re less likely to have problems. You do it and live it.”
The subject, which Weiner labeled operations management, was only one of the elements of Weiner’s briefing for the School Committee. He also went over elements of student and teacher experiences and community engagement.
The student experience includes digital equity and access for all students to ensure every student, regardless of socio-economic background, has equitable access to resources and tools; fostering a learning environment in which technology is seamlessly integrated into curricula to enhance engagement and achievement and using data analytics and insights to inform decision-making and personalized training to improve outcomes.
The teacher experience includes providing comprehensive professional development and training to empower teachers with skills and knowledge needed to effectively integrate technology into their teaching; fostering a collaboration among teachers and enable them to share knowledge, resources and innovative strategies related to technology and ensure teachers receive timely and effective support to resolve issues related to hardware, software and online platforms.
Community engagement consists of empowering parent and the community at-large with digital literacy skills to support student’s technology driven education; promote transparency and communication between the Technology Department and the community to ensure stakeholders are informed and engaged in technology-related decisions and collaborate with community organizations and local businesses to support technology initiatives that benefit both the school system and the broader community.