Safety, Security, & Student Data Privacy
*This post has been written as part of my professional growth plan through my #ISTE20 scholarship.
5 Questions for the Changing K-12 Cybersecurity Landscape
Presenters: Amy Mandrier, Trent Redden
Overview: “Hosted by AT&T. This panel discussion of cybersecurity experts explores how COVID-19 has changed the cybersecurity landscape on school campuses, identifies the top 3 cybersecurity risks for K-12, and details how to be better prepared before, during and after a cyber-attack.“
Main Takeaways:
- Top 3 cyber security risks identified as:
- 1. ransomware
- 2. phishing emails
- 3. DDoS attack
- Recommended that schools encrypt data, have a response plan, educate all users (staff at all levels and students)
- Have a security framework in place to recognize a cyber attack and mitigate as soon as possible
- “Create an offensive strategy with a security-first mindset. Assume you are already hacked. At all times.”
Further Resources:
- MERLIN Manitoba security services
Top 10 Ways to Tell If Your EdTech App Cares About Privacy
Presenters: Jill Bronfman, Ben Cogswell, Nancy Nelson
Overview: “Want to find out if your favorite EdTech app is taking care of student and teacher privacy? Come see Common Sense Privacy’s hot list, tips, and graphic representations of key findings of privacy and security practices of 150 popular EdTech products from our published State of EdTech Privacy Report.“
Main Takeaways:
- 1. What personal information (PI) does the product collect?
- 2. What PI does the product share with 3rd party companies and advertisers?
- 3. How does the product secure PI?
- 4. What rights do I have to the data?
- 5. Does the product sell any PI?
- 6. How safe is this product?
- 7. Are there advertisements or tracking?
- 8. Can I provide parental consent?
- 9.If the product intended for school?
- 10. How transparent is the product’s Privacy Policy about questions 1-9?
Further Resources:
- Common Sense Media privacy program
- Privacy evaluations for common educational tools
- Presentation notes
Security is Everyone’s Job – How You Can Help Keep Your Organization Secure!
Presenters: Heather Jones, Corey Schultz
Overview: “Hosted by Cisco. Learn day-to-day best-practices to keep students, faculty, staff and campus safe and secure – from good password hygiene to understanding your role in defending against phishing and ransomware attack to ensuring critical student data is protected.“
Main Takeaways:
- Hacker vs. attacker: skill set vs. intent
- Script kiddie: someone who uses existing codes to gain access to your information, they lack the understanding to write their own
- Social Engineering: using social skills to get someone in the network to get you the access you want
- Phishing, spear-phishing, smishing: email attacks or SMS/texting attacks
- Malware, ransomware, and cryptomining
- DoS and DDos: denial of service
- Patching & backups
- Attack surface: how many different “doors” an attacker has to get to your network
- Role of the security team:
- understand and reduce the attack surface
- monitor for intrusions or suspicious behaviour
- investigate & remediate incidents
- Most common attack vectors:
- web
- Passwords
- use unique passwords for all sites
- turn on 2-factor authentication if possible
- What is your back-up plan?
Further Resources:
The next learning topic on my professional growth plan is “Project-, Problem- & Challenge-based Learning”.
1 thought on “Safety, Security, & Student Data Privacy”