By Michael Webb, CTO, Identity Automation.
In K-12 school districts, one of the most challenging technology conflicts is between productivity and security. Students and staff want quick, reliable access to online resources. They’d rather not be logged off the system every 20 minutes or have to call the IT department to reset passwords. During class especially, teachers don’t want to sacrifice instructional time to troubleshoot login issues.
However, school districts have suffered 1,180 publicly disclosed cybersecurity incidents since 2016 according to the K-12 Cybersecurity Resource Center. These have included denial of service attacks that interrupt learning, data leaks that result in identity theft, and ransomware attacks with extortion demands reaching seven figures. When my employer surveyed 100 K-12 technology leaders earlier in 2021, 92% said they had suffered a cyberattack.
To successfully balance productivity and security, K-12 districts need a strategy for access management: the practice of serving valid users while denying access to invalid users. These five pillars of access management work together to help your district achieve that balance.
- Identity Management: instant access to digital resources
In many districts, IT departments manually provision accounts, meaning someone assigns digital resources, one user and one service at a time. The process is therefore time-consuming and prone to mistakes. Because deprovisioning is also manual, forgotten “ghost” accounts can become vulnerabilities. Instead, districts should use identity management for automatic account provisioning. Essentially, once a student or staff member is enrolled to a district, the identity management solution automatically provisions their account based on predetermined rules. This immediate, “zero-day access” is productive and secure. And if a student were to move or if a staff member were to quit, the identity management solution can automatically deprovision the account.
- Digital Stewardship: cybersecurity awareness and fundamental skills
Students and staff who learn to be good stewards of their credentials can help protect their learning environment. That starts with passwords. An analysis of 15,212,645,925 publicly leaked passwords found that “123456” is the most popular one. K-12 users must learn how to create strong (i.e., complicated) passwords that aren’t reused on other sites. Ideally, they will use one such password to access all their resources (more on that in the next section). The second most important stewardship skill is how to recognize phishing attacks and vet links for telltale signs, like an unfamiliar domain. “Stay Safe from Phishing and Scams,” part of Google’s Digital Citizenship Course, is a great three-minute primer. Good stewardship, though important, can always use backup.