For any platform where user data is collected and stored, security and data privacy are critical. This is even more true in education-based platforms and technology-based assessments because the data being stored relates to minor’s personal information. However, with technology playing a central role in education today, it’s not always easy for educators and schools to know which apps or software have top-level security and which do not.
One area of particular importance in security is testing. High-stakes testing has been shifting from paper-based to online, technology-based assessment over the last several years and with this shift, there is a new focus on data privacy and test cyber security. For paper tests, a chain of command was most important, however, with online testing, there are many entry points for testing data that need to have extra security measures in place — both because a test taker’s personally identifiable information may be attached to testing data, and to maintain the integrity of a test.
What security & privacy concerns are K-12 schools are facing?
Cybersecurity threats – K-12 schools are increasingly targeted by cybercriminals who attempt to steal sensitive data such as student and staff personal information, financial data, and research. These attacks can be carried out through phishing emails, malware, and ransomware.
Online safety – With the increasing use of technology in education, students may be exposed to inappropriate content or predators online. This can be mitigated by implementing internet filtering and monitoring tools and educating students on safe online behavior.
Data privacy – Schools must comply with federal and state laws such as the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) to protect the privacy of student data. This includes ensuring that only authorized individuals have access to student records and that data is securely stored and transmitted.
Social engineering – Social engineering attacks, such as phishing or pretexting, are used to trick individuals into divulging sensitive information. K-12 schools are particularly vulnerable to these attacks as students and staff may be less experienced in detecting and avoiding them.
Device management – With the increasing use of mobile devices and remote learning, schools must manage and secure many devices. This includes ensuring that devices are correctly configured, have up-to-date security software, and are protected from theft or loss.
The cost of compromising data
Of course, there is a tremendous cost, not only financially, but also psychologically when student testing data is leaked or otherwise compromised. Having to retake an exam may cause students anxiety and effect their overall performance. For parents, it is troubling to think that their child may become the victim of phishing, or receive emails designed to harvest personal information and even steal their identity.
There is also a potential for an impact on the actual day-to-day operations of schools. A cyberattack on a school that relies primarily on technology to deliver lessons or for students to complete work could lead to a complete school shutdown until security can be restored and student work can continue. This could negatively impact student learning and potentially lead to students falling behind.
Tools and standards that can be implemented
As security threats and issues become more complex, so do the preventative measures that are put in place in place to keep data safe. For schools, these tools and standards are especially important when implementing a technology-based assessment system. By implementing the following three tools and standards, schools can keep student and staff data safe while encouraging teachers to continue to grow and use new technologies.
Enact effective safety measures
Every school or district needs to ensure that its IT department is enacting the latest safety measure designed to combat attacks and threats. These include:
- Encryption of test data – both in transit and at rest
- Using a secured cloud service with PEN tests, WAF, DDOS mitigation, and bastion hosting
- Having a staff security policy
- General Data Protection and Regulation (GDPR)
- Cheating detection
In implementing these safety measures, K-12 educators can feel confident that students and student data are safe when participating in online learning or technology-based assessment.
Maintain up-to-date resources
The challenge with technology is that it is ever-changing and maintaining a secure system can be a bit of a moving target. With the increasing reliance on technology-based assessment software for educational purposes, schools must protect their computer systems, networks, and sensitive data from cyber-attacks.
To ensure the security of their systems, schools should implement security protocols such as firewalls, antivirus software, and intrusion detection systems. Regular updates to software and security systems are also essential to stay ahead of emerging cyber threats. Schools should provide cyber security awareness training to staff and students to educate them on how to recognize and prevent cyberattacks, such as phishing scams or malware infections. In taking a proactive approach to cyber security, schools can protect themselves and their students from potential data breaches and other security incidents.
Collaborate across stakeholder groups
One of the challenges to keeping student data safe is that there are so many different apps, software, and platforms that students and teachers use to accomplish their daily learning tasks. However, the LTI 1.3 standard enables interoperability of systems, like the TAO assessment platform, allowing software to “talk” to one another and ensure continuity of security across a digital learning environment. This keeps student data safer while also being capable of implementation on mobile devices, meaning there is a higher level of security across entire networks.
In addition to having systems within a single school or district communicate efficiently, it is also important that schools collaborate outside of their walls as well. Keeping an open line of communication and staying tapped into the FBI and CISA is a great way to act quickly when cyberattacks happen. On a smaller level, communicating with parents about their role in educating their children on cyber security and helping parents to recognize signs of a security breach in school devices at home, can help stop a small issue from becoming a major issue.
New cyber security laws outline steps for schools to take
The Cybersecurity and Infrastructure Security Agency, or CISA, has new guidance and steps for schools to take to become more secure. One step that schools can take, according to CISA, is to ensure that IT specialists receive up-to-date training, and when possible districts should allocate more funding to cybersecurity personnel to ensure student safety.
CISA also noted there is a consistent balance between sorting out threats and keeping the school’s technology up and running. They advocate for developing a method for simplifying decision-making to ensure that decisions are made quickly and with the best information possible. In addition to simplification, they also advocate for prioritizing areas where money and resources can have the largest impact.
The final area of focus that CISA recommends is around governance and centralizing control and decision-making. In districts with a central IT office, it is easier to maintain and streamline data security when compared with each school working independently.
All of this serves to ensure that students can access digital technology resources while maintaining a high level of data security. In doing so we can continue to push students and help them grow at the highest level with minimal security risks.
Want to learn more about why TAO’s technology-based assessment system is trusted by the world’s largest districts and ministries of education to securely power their high-stakes assessments? Get in touch with a solutions specialist here.