As many households with school-aged children engage in remote learning, districts are grappling with new and ongoing IT challenges — not just their own, but also students’ families who may not have access to technology.
On the first day of school in Miami-Dade County Public Schools in Florida, students received error messages as they logged in to the district’s networks. Administrators later reported that a 16-year-old student had admitted to orchestrating a series of cyberattacks designed to overwhelm the network (That’s how the digital generation plays hooky). Unfortunately, similar issues have occurred in school districts in Texas.
Throughout the country, return-to-school efforts introduced not only cybersecurity problems but also a whole new set of technology-related risks for school districts. As many households with school-aged children engage in remote learning, districts are grappling with new and ongoing IT challenges — not just their own, but also students’ families who may not have access to technology.
Some issues can be solved with training, while others require structural, organization-wide transformation. These are some of the questions school leaders should ask themselves as this unusual school year gets underway:
Access to Services: Educators depend on tools and systems to work seamlessly, but the end-user experience has to work for all. Not every household includes a computer expert to solve technical or connectivity issues. Districts must consider the capabilities of vendors and software, internet capacity and reliance on ISPs, and the processes required to upgrade, patch or improve upon existing software.
Ask yourself:
- How can we offer technical support to families so that students have reliable access to teachers and lessons? Can we mobilize additional resources at our internal help desk, or do we need to find vendors to supplement existing resources?
- Do our vendors have the capacity to keep up if everyone must go fully remote? If we begin school online but later transition to in-person learning, will vendors keep extra capacity available in case we have to return to remote instruction?
- Do we have change management processes in place to monitor security patches and push out software updates?
Protecting Student Data: The Family Educational Rights and Privacy Act (FERPA) allows school districts to disclose data to specified parties, but districts must beware of internal or external attacks that could illegally expose sensitive information.
- Are our vendors aware that FERPA requirements may apply to data they are storing or transmitting? Do they have appropriate privacy protections in place?
- Does the district have processes to protect sensitive data from errors in software configuration, updates or issues with inappropriate user access?
Server and Power Capacity: Some districts have re-opened in a hybrid environment, with some students are attending in person, while others are participating through virtual classroom applications. The load of voice and video traffic on the school’s wireless networks and underlying wired network/ISP may cause instability in network connections.
- Do our schools have adequate wired and wireless network capacity for the hybrid environment?
- How can we provide enough electricity for students at their desks, if they are all using devices? Most classrooms aren’t designed with that many outlets. How many power strips can we add without overloading circuits?
Third-Party Management: As districts leverage or repurpose new tools and software, they need to continue to follow policies, procedures, requirements and regulations.
- Do we have processes in place to continuously monitor our software and cloud vendors’ compliance with district requirements for security, privacy, availability and other risks?
- Do we require third-party documentation from new vendors, such as a SOC report, to help ensure they are protecting our sensitive information?
Video Conferences: During the spring, stories of “Zoom-bombing” gave nightmares to school administrators everywhere. Unauthorized access is a risk for every video platform, not just Zoom. There are fairly simply solutions, though.
- Have we provided clear instructions to teachers and families about configuring security options such as waiting rooms, limited screen sharing and requisite passwords?
- Are we regularly pushing out mandatory security patches to protect against emerging threats?
The COVID-19 environment places many demands and extra stress on districts’ IT staff, especially when financial crises are forcing staff reductions or hiring freezes. These rising demands and rapid changes in the COVID landscape can also lead to more mistakes and expose vulnerabilities. Try to be mindful of what you are asking IT leaders to do, and help them focus resources on the greatest risks and the highest needs.
This school year promises to be like no other. At the end of it, though, we will all come out of it with a new appreciation for the capabilities of our IT networks — and for the people who built our technology lifeboats.
