Home » Best Practices for Schools to Keep Student Data Safe

Best Practices for Schools to Keep Student Data Safe

Intentionally or not, schools tend to accumulate vast amounts of student data. This includes not only names but birth dates, home addresses, and sometimes even social security numbers and critical financial information.

This data is often necessary for a school to perform its day-to-day duties but it’s also a major responsibility. Student data privacy is essential if a school is going to require they disclose information that could do harm in the wrong hands.

Data Leaks Have Real Consequences

A 2020 data breach at Syracuse University allowed malicious actors access to the names and social security numbers of over 10,000 students, alumni, and applicants.

With that information in hand, it becomes much easier for hackers to then access further private information of those involved in the leak. It may be possible to access their banks, apply for loans, and more.

In response, that Syracuse University faces a lawsuit for negligence that could have serious financial consequences. Regardless of that lawsuit’s outcome, it’s a lesson that all educators should pay attention to.

Data leaks can destroy students financially. Moreover, schools suffer too. Their reputations are tarnished due to their inadequate security and they can face expensive lawsuits for their failure to protect sensitive data.

This is not to mention the social consequences a person might suffer if something like their medical record or other personal information leaks. Some students have things they rightfully want to keep private and it’s a school’s responsibility to keep that data private.

Keeping Student Data Safe

Once an educator acknowledged the importance of student data privacy, the next question to consider is how one will keep that data safe. The good news is that leaks do not have to be a matter of course; some basic best practices can keep data safe.

Tip #1: Promote Healthy Suspicion

Perhaps the biggest weakness in any network is the inherent trust most of the people with access to that network have. If an untrained person has an important username and/or password, they’re a threat to your network, even if they don’t realize it.

This is the constant battle of information security. IT can make a network secure but the network needs to be accessible by staff. Unfortunately, most non-IT staff aren’t well trained when it comes to security.

There are many ways hackers can try and get a person’s username and password. For many, it’s as simple as a confident phone call or even an in-person visit. They will pose as someone of authority and ask the staff member to give them the information they need.

Many people would be shocked at how often this gains a hacker access to critical accounts. From there, the malicious actor can copy and/or manipulate whatever files those accounts can access.

The good news is that this is preventable through staff training. A good rule of thumb is to require usernames and passwords requests go through IT, or at least require their express verbal (not written or secondhand) permission.

Tip #2: Control Download Privileges

One of the easiest ways for a hacker to attack a system is to convince an unwitting party to run a malicious program. These programs will often be made to look like legitimate programs, and may even appear to work as expected, all while they do harm in the background.

That all said, the program first needs to be downloaded and ran. If a user can’t do that, their being tricked is irrelevant.

Downloading privileges can and should be controlled so that those with access to important systems can’t readily download whatever they want. In short, if someone doesn’t need to download something, don’t let them.

These privileges can be controlled too. For instance, IT can be permitted to download whatever they need, since they presumably have the expertise to better avoid malicious downloads.

You can also make it so that various accounts can only access certain parts of your network. For example, student accounts should not be able to manipulate files in staff or system folders.

Tip #3: Back Up Your Data

One of the most important yet ignored rallying cries of the IT world is to back up your data. This is important for a number of reasons but, regarding security, it helps protect you from a type of attack called ransomware.

The basic idea of ransomware is that it infects a system and encrypts huge amounts of data. It then makes a demand of the user, usually in the form of payment, or it will do something malicious to that data.

Oftentimes the ransomware will make the files impossible to access or will even delete them. This is where data backups become critical.

If you have backed up that data, it turns what would have been a disaster into an inconvenience, only requiring you to replace the junk files with your clean copies.

It’s also worth noting hard disk drives (HDDs) are the most common way we store data yet have fairly short lifespans. If you don’t back up data and a drive dies, that data is lost.

In short, backing up data is very easy but can prevent a number of data disasters if done right.

Tip #4: Try Managed IT

Getting the infrastructure in place for an IT team isn’t always easy for schools. Even many who do have a team have one that is small or underequipped.

It’s possible to do in-house IT right but it can be expensive. Luckily, it’s possible to get IT support from a third-party service, saving you the costs of an in-house team but still allowing access to robust IT services.

This is “managed IT” and it’s scalable to your needs. Services can be very hands-on or you can pare back, depending on your budget, network size, and more.

Managed IT can be a great way for educators who feel out of their depth to get their network up to a good standard in terms of both security and efficiency.

Tip #5: Air Gap Your Network

For a hacker to interact with a file, they need to access it. While that may seem obvious, many people don’t realize how interconnected their network is. This is doubly true if your network allows for online access.

This is where air-gapping can help. An air-gapped network allows access only from very specific computers. It is almost like a data vault, requiring a hacker to physically enter a restricted space and have the credentials to then log on to the relevant computers.

The number of hackers willing and able to gain access to these computers is far smaller than the pool of hackers at large. It’s also easier to watch a door to your air-gapped computers than an entire wireless network.

Air-gapping isn’t ideal for all data storage but it is great for information that is highly sensitive. It is not out of the question for a school to store student financial, social security, and medical information in such a network.

A school could also try a blended approach, where the air-gapped network is the only place files are permanently stored. When a staff member needs files, they can be copied, used for their required purpose, then deleted on the less secure computer.

Tip #6: Train and Retrain

This final tip is a simple one: train anyone with access to sensitive data how to keep that data secured.

Many people do not understand basic computer security. For one reason or another, they don’t realize how easy it is for hackers to gain access through casual negligence.

Others don’t understand how serious a data link is. If they don’t work with computers very often, they may not realize the sheer volume of sensitive data some networks contain.

Staff and students can learn about data security but only if you teach them. Never assume someone will know how to keep data secure by default or because you gave them a pamphlet at orientation.

Pay to have staff and anyone else with access to important parts of your network trained by experts in data security. Moreover, test and retrain your staff on a regular basis, to ensure they’re keeping up with the good practices they learned and remain alert to any new dangers hackers have come up with.

Keep Every Link Strong

When it comes to protecting student data (or any kind of sensitive data) the trick is to keep your whole security chain strong. Hackers search for weak points in networks, often only needing one slip-up to get what they need.

If you found this article helpful, we hope you’ll explore our blog. We have more content like this on the latest tech as well as content on a variety of other topics. There’s sure to be something you’ll find interesting!

Zaraki Kenpachi