If your students, families, and employees had more options, would they still choose you? Take a lesson from the districts who already know the answer to that question because of their powerful online identities.
By building your district’s online presence through technology, you encourage ongoing engagement from students, employees, and parents. You stand out to your community and communicate a strong culture. Dive in to a trove of examples in four core platforms.
Your website is the first place the community turns to for finding information about the district. Make sure they like what they see by taking the following into account:
Clean, elegant designs: Using modular design, easily accessible information, and minimal color palettes makes navigation easy for every visitor, bumping up view time.
A lasting first impression: Your website is a reflection of your district. Attract prospective students and staff by keeping community culture front and center.
Information central: Add the district calendar, news updates, lunch menu, and all other need-to-know info to your front page to keep families in-the-know.
Building a social media presence keeps brand messaging in your own hands. Keep the focus on school culture with these in mind:
Consistent posting: News, shoutouts, and updates should be posted nearly every single day to boost engagement.
Community-driven content: Posts that regularly feature the successes and highlights of staff, students, and the surrounding community get more views.
Diverse points of interest: Parents, students, and teachers in the district want to see their unique clubs, cultures, and interests celebrated on social media.
Videos offer viewers a way to peek into your community’s day-to-day life and culture. Here’s how to put your district’s best image on display:
Interoperability—the ability of software programs to seamlessly connect to one another by seamlessly exchanging information and common language—is something we’ve been steadily working towards in edtech. Plenty of progress has been made, but in many ways it feels like we’re only starting to scratch the surface of what’s possible, and the work that needs to be done to get there.
At the same time the interoperability conversation continues, we’re also smack-dab in the middle of a new era of teaching and learning in K12 schools. More learning is happening outside of school buildings than ever before. Teacher happiness and retention continue to be a high priority, with a big part of that happiness focused on cutting down and streamlining tedious administrative tasks so teachers can maximize their time.
A strong student information system (SIS) can be a cornerstone of your district’s educational data, creating ways to communicate with parents, monitor progress, manage remote learning, and support staff all in one swoop. However, we also know that your SIS is just one piece of the edtech interoperability puzzle. So, let’s explore the current discussion and increasing importance around the need for edtech interoperability in K12 schools:
Interoperability and Remote Learning: The Continued Push for Open Standards
Remote learning—in some form—is here to stay, and to prepare for the classroom of the future, many schools and districts invested heavily in edtech platforms to engage students and fill in learning gaps. However, more edtech often leads to an increase in siloed information—unless the platforms have made it their mission to adopt open standards for interoperability.
The call for edtech that prioritizes interoperability has been louder than ever before, with a national snapshot from the IMS Global Learning Consortium showing that schools and districts that prioritized interoperability open standards when choosing digital tools and resources were able to make a more seamless shift to remote learning. In March 2021, IMS took the facilitation of open standards to the next level with the launch of their Standards First program. Educational institutions and edtech suppliers alike are encouraged to sign the pledge, which demonstrates advocacy, transparency, and trust over the shared goal of open standards.
By Mike Bianco, director of information security, Skyward.
Schools face plenty of dangers and threats, from pandemics to budget cuts, but ransomware may be one of the most pernicious, transcendent, and frightening – and it’s not going away.
Ransomware is big business for crooks, and schools are seen as easy pickings. CBS News reports that cyberattacks and ransomware targeting K-12 schools hit record highs last year, with ransoms ranging from $10,000 to $1.4 million and a total cost to districts of more than $123 million, according to IBM.
Because so much of what a school system does, from teaching to storing records, takes place online, the threat of a ransomware attack effectively stopping those processes dead in their tracks and wiping out the supporting data is enough to keep administrators up at night.
Add to that the threat of students’ sensitive data stolen and dumped or sold to bad actors after ransomware attacks (NBC News reports that in 2021, ransomware gangs published data from more than 1,200 American K-12 schools), and it’s a miracle administrators get any sleep at all.
And in case a district admin was thinking of sneaking in a catnap, they should consider that 30% of educational outlets consider themselves unprepared to face a cyberattack resulting in their data being held for ransom. Why do so many ransomware attacks target schools? Several reasons:
Schools are vulnerable
Whether it’s students, parents, teachers, or back-office staff, the fact that so many different personas with so many different ideas about internet security are using the system makes it easy for hackers to exploit weaknesses.
Schools lack resources
Districts may not be able to afford the most robust ransomware-prevention tools, or the personnel needed to monitor them.
Data is centralized …
School districts tend to keep their data in one central repository, which is attractive to hackers. Think of it this way: If you’re a bank robber, do you want to rob one bank with $5 million in deposits, or five banks with $1 million in deposits each? Educational data is the $5 million bank.
And it’s valuable …
Student data is pure gold. It can be used in a variety of ways, to establish false identities, to apply for credit, and to make large purchases.
Producing additional blackmail opportunities
Suppose a hacker acquires the report cards and other data of high-school seniors. They could threaten to release the information to prospective employers if the student or their parents don’t pay a ransom.
(This is generally thought of as small potatoes by hackers, but it’s not out of the question.)
How districts can protect themselves
Given that schools are and will continue to be ransomware targets, what can districts do to prevent themselves?
First, districts need to realize they’re not Susan Storm, and they can’t put a force field around their data. There is no magic shield; there are only multiple layers of protection they can employ to deter hackers.
Second, they need to understand that protective measures may only make their district a less attractive target, and not a non-target. After the low-hanging fruit is harvested, their district may still be seen as ripe for the picking.
Third, districts have to accept the fact that protection against ransomware is ongoing and evolving. It is absolutely not a one-and-done.
Let’s be honest: Two-factor authentication (2FA) can feel like a pain. Now, security experts are pushing for districts to adopt multi-factor authentication (MFA)–multi-factor, as in more than two factors?
You may already hear the chorus of complaints. Do we really need this?
But here’s the thing: With malware attacks rising, authentication systems using two or more factors are the best way for districts to keep accounts from being hacked, and there are ways to make the process less painful.
While MFA and 2FA will always be seen as a pain by significant segments of your constituency, the good news is the process can be fairly painless (especially since often, MFA only needs to happen every once in awhile to ensure the user is who they claim to be). Beyond that, the goal is to have them see and understand it as a very important pain.
And thankfully, there are ways to do that.
What is MFA (and by extension, 2FA)?
MFA is a process that uses multiple sources to verify someone’s identity, usually online, usually so that person can access an organization’s platforms, tools, or email or data servers.
By Erin Werra, edtech enthusiast and writer, Skyward.
One of the core tenants of FERPA states that student records should only be available to those who have a specific need to see them. On the other side of district operations, sensitive financial information can easily become fodder for fraud if it falls into the wrong hands.
There’s a lot of data to safeguard as a system administrator.
One strategy to explore is task-based roles in your student information system or enterprise resource planning system. How does this strategy keep your data safe? Let’s explore.
Roles vs. tasks
The first step is to define the difference between roles and tasks within the software.
Roles apply to the user and carry a specific set of permissions.
Tasks are actions available to the user, including screens in different areas of the software, and different data sets the user can access.
In some systems, the default method of assigning permissions (whether view or edit permissions) is based on an individual’s role in the organization. But what if users who share a role shouldn’t necessarily share access to the same screens, tasks, and data?
Task-based permission and least privilege
Rather than automatically assign everyone in a similar role the same permissions, consider instead which screens, data, and tasks people in those roles need to view. Consider the concept of least privilege: only the minimum necessary rights should be granted to maintain the highest level of security.
Let’s say, for example, a new administrative assistant needs to access data about demographics, attendance, and create new student profiles. The system administrator can create a role using those exact permissions, and then add the role to the related security group. This might mean all administrative assistants have similar, but not identical, permissions and are all part of the same security group.
This past year, K12 schools became the top targets of ransomware attacks. In August and September 2020, districts accounted for 57% of reported ransomware attacks. You know the threat is out there, but is your district prepared?
Nothing worth having is free. Create a strong plan when things are going well, and you’ll be grateful if disaster strikes.
Brilliant teams are run by people, not by machines. Salary, training, and planning fall under this category.
Has your security team grown in proportion with ransomware risks? According to CoSN’s 2020 EdTech Leadership survey, 69% of districts say they are proactive or very proactive—but less than 20% of respondents had a dedicated full-time employee responsible for cybersecurity. 46% listed it as a shared responsibility, 30% “part of the job,” and 10% ad-hoc. This means an overwhelming majority of school districts run the risk of cybersecurity missteps or passing the buck.
One study by ISC2, a professional IT organization, shows more than 4 million cybersecurity jobs are unfilled worldwide. Not only is this a potential blind spot, but it’s an opportunity for students pursuing STEM and computer science fields.
Know your data recovery options. Data hosting services may offer multiple options for backup and recovery, but multiple data centers should be a priority. Whether hosting offsite or in person, frequent backups are crucial.
Humans creating passwords is one of the weakest points of any network. Single sign-on uses multiple strategies to strengthen security, as well as makes logging on to the many, many different ed tech solutions any given district relies on much easier.
Constant vigilance is easier when training prompts frequent reminders. Your team members all possess wildly different levels of tech savviness—even the most grizzled veterans of the computer sciences benefit from security training updates. Security training creates a unified set of standards for everyone to follow and may even give you a baseline set of data, so you know where to add training.
Crisis communication templates
Hope for the best, prepare for the worst, and create templates when the worst is yet to come. Readers will appreciate calm, collected communication more than a slapdash letter in the event of a data breach.
The sun has set on summer. But as an orange autumn moon rises to take its place, the waters of cyberspace only become more congested. Phishing, turns out, is always in season.
Want to give it a try?
I know—you’re one of the good guys, so why would you want to go phishing? The reason is simple: to prevent employees from being hooked down the line. Simulated phishing is a sort of catch-and-release method that can be an extremely valuable asset for IT leaders. Not only do simulated attacks remind employees to be ever vigilant while going through their inboxes, but they also give IT leaders a better idea of whether employees can effectively identify phishing attacks, or if they need additional training.
So, pull on your cap and waders. We’re going phishing!
Before you let your line fly, it’s essential that you fully formulate your plan and discuss it with the leadership at your district. How often will you send out simulated attacks? What program will you use? How will you prepare your employees?
Don’t neglect that last one; making sure employees are up for the challenge is an important part of the process. After all, how can you expect them to identify phishing emails if they don’t know what to look for? Employees can learn to recognize and evade threats through online cybersecurity training programs. (This article gives a nice overview of several programs, including KnowBe4—our favorite.) Some of these programs include simulated phishing as well; no need to phish through a separate organization!
If you haven’t already, set up an easy way for employees to report phishing, ideally both to your email provider and your IT team. If your district’s email platform doesn’t have a simple way to report to the IT team, you can set up an inbox for employees to forward suspicious messages to (for example, email@example.com).
It’s best to keep your plan to simulate phishing under wraps in the beginning. An unannounced baseline test is a helpful way to truly gauge susceptibility to attacks. However, after your first simulation, explain the phishing drill to everyone! Open communication is vital to maintaining trust between leaders and those they lead.
Hackers take advantage of the worst-case scenario.
Pandemics, terrorism, and natural disasters bring disruption and distractions, perfect opportunities for people to infiltrate lowered security while our attention is directed elsewhere. Here are five data security bases to cover during your pandemic response.
While it’s true our home wireless networks are under more stress than ever before, don’t sacrifice security for convenience. These network breaches are some of the easiest for hackers to pull off.
No public Wi-Fi: The biggest risk to networks comes from unsecured Wi-Fi connections in public places, like restaurants. Ideally, choose password protected Wi-Fi from a home network. This option may be out of reach for some—even free internet offers for students are falling short in some cases, requiring families’ unpaid bills to be settled before the option is extended to the student. Other secure options may include a Virtual Private Network (VPN) or a mobile Wi-Fi hotspot.
Internet of things: Disconnect devices that don’t require Wi-Fi to function (appliances, etc). Even if Wi-Fi helps them function more conveniently, consider disconnecting them temporarily to minimize the opportunities to infiltrate your network.
Multi-factor authentication: More organizations are moving toward MFA in all cases, but particularly for remote work, ensure the devices connecting to the network belong to actual people within your organization.
Skyward, an administrative software provider committed to a better experience for every user, is proud to announce it has become a Google for Education Build Partner. As a Google for Education Build Partner, Skyward will soon enable educators to conduct real-time grade syncs from Google Classroom to Skyward’s Gradebook solution in a beta program.
student data synced between Google Classroom and student information systems
has been a key issue facing administrators and instructors. With this exciting
new collaboration, school districts using Skyward’s SIS will be able to sync
assignments and grades from Google Classroom directly into Skyward’s Gradebook
solution, saving teachers valuable time.
are thrilled to become a Google for Education Build Partner and soon provide a new
capability that many of our customers have been looking forward to,” explained Scott
Glinski, CEO of Skyward. “Between our collaboration with Google for Education
on the grade sync beta program, Ed-Fi data standards, and OneRoster 1.1
certification, we hope to continue leading the interoperability movement for
student information systems.”
integration between Skyward and Google Classroom will also eliminate the need
for double grade entries, reduce the number of tools teachers need to master,
and lessen the possibility for error in grade entries.
collaboration with Google for Education is about saving time for teachers, so
they can focus on what matters most—students,” explained Kevin Duda, director
of product management at Skyward. “By providing one place to enter data, teachers
can be more confident in their data while continuing to use the tools that work
best for their needs.”
more information, visit www.skyward.com/k-12 and fill out the interest form for the
Classroom grade sync beta program here.
Are K–12 schools fully prepared for today’s digital and physical emergencies? According to a recent federal report, schools are becoming safer, partially through the proactive use of technology. Skyward, an administrative software provider committed to a better experience for every user, is helping lead improvements by encouraging school leaders to leverage an existing tool, their student information systems, to amp up security and ensure protection of their sensitive data.
Although statistics suggest schools are becoming safer, a recent poll indicates parents feel schools are less safe today than they were 20 years ago. Skyward’s SIS aims to alleviate those concerns by giving parents the ability to provide student information such as protection orders against unwanted visitors and reunification instructions to ensure students are paired with the correct guardian in the event of an emergency. Parents can also enter vital health information regarding student allergies and medications, which school staff can view and act on during medical emergencies.
“Skyward continues to help us keep students safe with speed and accuracy—the two most important factors during an emergency,” said Jacque Deckard, data management coordinator at Mooresville School Corporation in Indiana.
Skyward’s SIS also provides a real-time notification system, which can send important messages to students, parents, and staff during an emergency. Additionally, school leaders can set up an anonymous tip line within the notification system, offering individuals the opportunity to report incidents such as bullying, self-harm, and possible threats to the school.
“It’s important for our students, parents, and faculty to be heard and feel comfortable. Thanks to Skyward, this is possible because they can remain anonymous and still voice safety concerns,” said Lora Lovelace, data management coordinator at Center Grove Community Schools in Indiana.
While physical threats are at the forefront of security concerns, Skyward is continuing to protect districts against data breaches as well. In 2019, dozens of cybersecurity incidents have affected K-12 schools, and 122 similar breaches occurred at schools in 2018. By partnering with ISCorp, a hosting solution, Skyward offers districts the opportunity to host their sensitive information on a secure cloud service, which provides 24/7 monitoring and fail-safe backups.
“When students and faculty walk through school doors, they deserve to feel safe and confident their information is protected,” said Scott Glinski, CEO of Skyward. “As a system that many districts use, we recognize our role as part of the solution, which is why we will continue evolving our software to defend against all threats, both digital and physical.”