By Matthew Eshleman, CTO, Community IT Innovators.
Cybersecurity in nonprofit charter schools is different from the mid-sized nonprofit IT networks that Community IT typically supports. Here are a few cybersecurity best practices for nonprofit charter schools that can help you keep your technology both accessible and safe.
- Students need easy access; make the access too difficult and participation will drop in ways fundamentally different from an employee-employer relationship.
- There is an incentive to simplify account access due to volume. But this can mean security suffers – a “standard” login or initial password is easily exploited.
- Students, parents, teachers, and administrators all need various levels of secure access to related accounts. Do not let convenience overrule privacy concerns.
- In addition to “generic” opportunistic financial hacking, guard against non-financial threats from without and within the online environment, such as sexual predators and classroom bullies.
- Online education presents additional challenges to novice users, whether students, parents, or staff – plan to offer extra help-desk support.
- Have a clear process in place for reviewing and approving new apps. It’s likely that needs will change during the semester, so allow teachers to request and manage applications and websites that are specific to their class. This will avoid insecure or poorly designed apps being installed, and reduce cybersecurity risks.
- Budget for loss and theft of devices, and understand that long-term budget planning can conflict with politics or suffer from frequent changes in decision makers.
- Invest in, and demand, exceptional help desk support. Your help desk will be the main contact for your students and staff with remote learning technology. You will need an accountable and professional help desk to successfully implement any new education technology platform. Train your help desk on interacting with students.
- If your environment uses Microsoft Windows be sure to enroll the computers in AutoPilot (requires Intune license)when they are purchased and then use a device management tool such as Intune to deploy your standard configurations and applications. This can save you and your organization up to 60-70% installation time allowing rapid deployment and saving on budget.
- Using a Single Sign On (SSO) Dashboard like Clever is a great way to unify logins to the wide range of educational apps that are required. A single password and user name helps your users have a smoother adaption to remote learning.
- Individualized passwords are essential to prevent intrusions. Passwords should be at least 12 characters long and be memorable. We like to use the generator at XKPasswd – Secure Memorable Passwordsto generate them.
- No teachers should keep spreadsheets with student passwords and definitely no use of the same password for all students! Use a Student Information Systemsto securely store student passwords.
- Don’t allow students to reset their passwords automatically; require them to go through the help desk – but make that an easy and accessible step.
- Require staff and teachers to protect their accounts with Multi-Factor Authentication (MFA). They have access to so many systems with sensitive data that providing this extra layer of protection is critical.
- Turn off services like email that aren’t needed. Only enable and provide access to systems that are required for education.
The opportunities for positive technology experiences and mission delivery in the nonprofit education sector are always accompanied by very real security concerns. As remote learning has evolved so rapidly recently it is not surprising that institutions are having trouble keeping up. Find a trusted technology partner to help your school navigate tech vendors. Having a technical assessment and strategic plan/budget in place is crucial to implementing change at speed.
The security issues at nonprofit charter schools are different than other nonprofit organizations, but the need for security is, if anything, more important.