Join us for The Heart and The Science Zoom Summit on August 30, 2023. Discover the proven strategies for achieving 90% early literacy success from our outstanding speaker team. Register now! Register
CA (613) 212-2225 | US (720) 994-8779 letstalk@spriglearning.com

Importance of Cybersecurity in Schools. What you Need to Know.

Cybersecurity for schools is a growing area of interest due to 1) the increased adoption of instructional technology tools, and 2) increases in cyber attacks against both the software vendor and users of these platforms. 

Data privacy and data security are especially important anytime students are using technology due the potential data at risk. Sprig Learning has written on this topic, offering tips on protecting children’s data online on computers and mobile devices

This article is dedicated to teacher’s use of technology. 

The majority of early learners may not use computers, tablets and phones in schools, but their teachers use these devices to manage planning, instructional and assessment data. 

Thus it’s very important to understand the importance of cybersecurity in schools. 

 

What Is the Importance of Cybersecurity in Schools?

What is the importance of cybersecurity in schools

 

As the number of students enrolled in schools continues to grow and online learning expands, the safety and protection of student data is crucial.

 

Increased Threat

Last year, the number of cyberattacks on schools jumped by 75% with over a 1000 schools experiencing ransomware attacks.

According to data from Check Point Research, the education/research sector suffers the greatest number of weekly cybersecurity threats. 

With the threat of such attacks looming in the K12 education sector, it is important to take necessary measures.

With the growing prominence of cybersecurity, it’s not just the CIO who should be in roundtable discussions on how to best mitigate such risks, but other school district leaders and educators at all levels must have a base understanding of the threats and the right course of action.

 

K12 Cybersecurity Act

The K-12 Cybersecurity Act was signed into law in 2021, which aims to strengthen the cybersecurity of the United States’ K-12 educational institutions by conducting a study in cybersecurity risks, presenting the findings, and developing an online training kit for officials.

The cybersecurity toolkits published thus far offer some general guidelines, but a lot is still left up to the schools regarding how they want to set their cybersecurity strategy. 

 

Cybersecurity Budget for Schools

District Administration reports that 20% of schools out there spend less than 1% of their IT budget on security, the rest spending 8% of their IT budget on average on cybersecurity. 

For schools who have not prioritized cybersecurity yet, what are some best uses of the IT budget which will minimize risks, threats, and create a robust infrastructure for the future?

  1. Awareness training to the risks and how they are mitigated;
  2. Anti-malware software to detect the potential presence of malware;
  3. Anti-phishing software on email services to detect attempts to capture information, or even suspicious emails;
  4. Performing threat and risk assessments (TRA) against all new software or technologies being used. This should include a privacy impact assessment (PIA) for any platforms holding PII data of students or staff;
  5. SLA’s with providers that account for data breaches and course of action including notifications during and after an incident;
  6. Create a governance model that will allocate resources to ensure security and privacy are ongoing tasks across the organization’s operations.

 

Cybersecurity for School Districts

Cybersecurity for Schools

What are some things instructional technology should possess which will keep student’s data safe and secure?

Cybersecurity for school districts consists of keeping student data private and secure. Sprig has previously written on data privacy and data safety before. Please refer to those articles for a more in-depth explanation of what it takes to keep student data private and secure.

Information from those articles are presented here in a questionnaire format. To develop a top-notch cybersecurity strategy and successfully implement it, the following questions have to be asked.

 

Has your Instructional Technology Provider Completed Assessments on Threats, Risks and Privacy?

A governance model or framework makes it easy to perform both a Threat and Risk Assessment and a Privacy Impact Assessment – two critical components in developing and maintaining a safe platform.

A Threat and Risk Assessment allows us to discover any potential flaws in our digital assets and address each one to reduce risk.

The Privacy Impact Assessment assists in the identification and recording of any components of our system related to personal or student data that may be at risk, and then developing a plan to manage and mitigate those risks.

 

Does your Instructional Technology Provider have Failsafes? Does it train itself to get better?

Assessment and documentation cycles help to develop a Secure Development Lifecycle (SDLC) that decreases our platform’s overall attack surface. Maintaining a secure platform is an ongoing activity that does not end after development is completed. 

Servers must be monitored constantly for any indication of risk. Multi-layered system should assure that even if the web server is compromised, the student data is safe.

Penetration testing should be conducted to ensure that no internal errors are made on the code or on the server.

 

Is there sufficient understanding of the data policy and culture of the instructional technology provider?

First and foremost, schools should partner with EdTech companies that care about students. From pedagogy to platform and privacy, your tech partners need to put students first. 

Ask for a copy of the company’s privacy policy and make sure it looks something like this. If an EdTech company values the best interests of students, they will not sell data to advertisers or any other external 3rd party providers.

 

Is there enough information about cybersecurity and collaboration amongst different stakeholders to keep student data safe and secure?

The fact is, there is only one way to fight the sale of information: with information itself. Staying informed is the only way to protect student data and the onus is on caregivers and educators to learn with students in mind.

Caregivers and educators need to work together to protect student data inside and outside of the classroom and educate themselves so that they can understand the technology their children use. It takes two to keep student data safe, make sure your education partners are in it for the right reasons.

 

The Sprig Difference

All Sprig software and platform services have affirmative answers to the questions posed in the prior section. They are held to high specifications using regulatory regulations and ISO cybersecurity standards to ensure student data is safe and that privacy is assured. 

Sprig values student privacy, and as such, we do not sell or advertise any student data to third parties.  Nor will we ever, as it it is not part of our business model.

 For our product development, we use a governance model that includes a Secure Development Lifecycle (SDLC) to keep track of every component, identify potential risks, and carefully resolve each one.

Sprig has partnered with TwelveDot Security as its development partner to further emphasize the need for privacy. TwelveDot creates all of Sprig’s platforms using the most recent digital security safeguards and criteria. TwelveDot has been a global leader in cybersecurity for the last twelve years, assessing and defending enterprises against data breaches and cyber threats.

Do you have questions related to data privacy or cybersecurity? Don’t hesitate to reach out to us. 

More Tips to Protect Your Child’s Data Online (Part Two – Children on Computers)

As a follow-up to Part One – Children on Computers, we now shift the focus to securing data on mobile technology. While the evolution of mobile and wireless technologies have contributed positively to lives over the past 10+ years, many people continue to debate the benefits and highlight the negative impact of being ‘hyper’ connected.

Today, we’re providing you with some important tips to implement across all mobile devices and EdTech platforms. This will help ensure you and your child are protected online:

 

  1. Update software – For iOS, it’s easy to set up automatic updates. For Android, updates can be a bit more complicated to set up, because some are dependent on the carrier. Many carriers prefer to sell phones and don’t do much to educate you about updates. In fact, some Android phones, after a period of about three years, will lose the ability to process updates. Do your research when choosing phones, and remember to ask your service provider to explain the life cycle of the phones you consider and ask if they include product support; 
  2. Encrypt your data – For iOS, data storage is encrypted by default and is unlocked when you enter a passcode. For Android, you must enable this feature yourself. We also recommend that, if you use SD or other memory cards, to ensure these devices are encrypted in the event they are ever lost. Learn more about data encryption.
  3. Choose a strong unlock code/biometric – We hold a lot of confidential information/ data on our devices. It is essential that we create as many barriers to access this information as possible. We always recommend 2-factor authentication (2FA) whenever possible. For example, use one code to gain access to the physical device and then use a second code (or biometric) to approve/allow things like purchasing or access to settings. The reason is simple – if your phone is lost, someone could possibly gain access through one code, but typically not two. Remember: always create a secure password and do not use the same one across devices or accounts (bank code, home security code, etc.) This would allow someone who knows one passcode to gain access to all of your critical assets;
  4. Enable location detection – We all get busy, it’s so easy to misplace, drop, or lose your device. Having the location turned on allows you to easily find or trace the location of your device. Get more info about location detection for iOS devices, and for Android devices;
  5. Stay off public Wifi networks – Use public Wifi networks sparingly. Consider that public Wifi collects your data and may sell it to various marketing firms. If you are accessing email, banking, or social accounts, there’s a possibility they could be compromised. Learn more about the dangers of using public Wifi and if you must use these networks, please install and configure a VPN application (such as IVPN) to ensure your communications and identity are protected;
  6. Anti-virus app – It may seem a bit strange, but viruses and malware can infect a mobile device. Anti-virus apps will alert you when you stumble upon potentially suspicious websites, files, or transactions on your phone or tablet. Keep in mind, your phone is always on and connected to a network. Even while you sleep, someone could be attempting to access your device. It’s easy to forget that your phone or tablet is just another IP address on a network. We recommend looking into Avast and Kaspersky;
  7. Backup your device – This one is really important and should be done at least once a week. There are countless stories of parents losing priceless images or videos of their kids when a phone is dropped or damaged, and there are cases when it cannot be repaired/files can’t be recovered. Don’t let this happen to you! Back everything up to a cloud service of your choice – and do it regularly. Learn about backing up on iOS and on Android;
  8. Don’t jailbreak/root your phone – When you jailbreak your phone, it essentially removes all security controls on your device, including setting some default access passwords. What does this mean? Well, your phone is able to be scanned on a public network and someone could easily access your device using these logins without you even being aware that it’s happening. This can lead to data loss and possibly a full compromise of your device; your entries could be recorded and forwarded to someone else. If you use mobile banking, this could lead to your account balances being transferred to another account or in some extreme cases – identify theft.

 

This may sound pretty scary, and in some cases, it truly can be. Just remember to be vigilant and ensure you are taking all measures to keep your data and your child’s data safe. 

With these tips in play for children using mobile devices, you’re doing your part to keep your data safe and secure. Stay tuned in the coming weeks for Part Three, when we will discuss security tips for families using ChromeBooks.

All links provided within this after are meant to provide you with the information you need to do your part to keep your mobile devices secure. Note: We do not endorse nor receive any monetary rewards for the software/programs we are recommending. We use them personally, so we have experience in using them and have found them all to provide the additional layers of protection for ourselves and our staff members.

About the Author

Faud Khan, CTO, Sprig Learning

Five Tips to Protect Your Child’s Data Online (Part One – Children on Computers)

With most schools running either part- or full-time remote learning programs (or a combination of both), parents are advised to stay vigilant about doing everything they can to protect their child’s data online. At Sprig Learning, we take online security and privacy very seriously and go out of our way to ensure that parents, educators, caregivers, and communities are protected at all times while using our online apps, programs, and services.

In part one of this data privacy-focused series, we have put together a list of the top five tips that we suggest to help parents make home-based online learning safe and secure:

 

1.Change default passwords: School boards often provide default usernames and passwords; and it is essential that you change these passwords to something more secure right away. Pro tip: never use the same password twice and consider using a password manager.

2.Use secure passwords: At a minimum, create passwords that are at least 12 characters long. Be sure to include a combination of alphanumeric and special characters (ie. exclamation marks, stars, hashtags, etc.) and don’t ever share your passwords. Pro tip: password managers can generate random passwords for you!

3.Identify real time web risks – Make sure that you’re always using the latest anti-malware software to identify risks while on the Internet. Pro tip: There are many free versions that we recommend, including these offerings available from companies such as: Sophos, AV, and EVS.

4.Create user profiles for your child – Keep your main computer admin accounts separate from those your child uses by creating individual accounts for each member of the family. Malicious actors (also known as threat actors) will often use the main admin account/admin rights to install software on a computer without your knowledge. By creating separate accounts for each child with limited access to local user rights, you greatly reduce the ability for unauthorized software and trackers to be installed.

5.Update Software Regularly – Be sure to turn on automatic updates to ensure you’re always running the latest versions of all software that has been provided by the operating system and applications being used. This ensures that any security patches are quickly installed to greatly reduce your level of exposure to potential malware and viruses.

 

With these five tips in play for children using computers, you’re doing your part to keep your data safe and secure. Stay tuned in the coming weeks for Part Two when we will discuss security tips for families using mobile devices.

In the case you’d like to do more research into this topic, here are some helpful links to review. Please note: Sprig does not endorse or receive any monetary rewards for any of the software we recommend. We have first-hand experience using them and have found them to be useful in providing the additional layers of protection for our staff.

Passwords – Resources on how to create strong passwords/remembering them:

howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it

cnet.com/how-to/9-rules-for-strong-passwords-how-to-create-and-remember-your-login-credentials

mentalfloss.com/article/504786/8-tips-make-your-passwords-strong-possible

 

Resources on Real Time Web Risks:

avira.com

avg.com/en-us/free-antivirus-download

avast.com/free-antivirus-download#mac (Mac, Android, and iOS)

 

Tips on creating user profiles:

support.microsoft.com/en-us/help/4026923/windows-10-create-a-local-user-or-administrator-account
(For Windows Users)

support.apple.com/en-ca/guide/mac-help/mtusr001/mac (For Mac Users)

About the Author

Faud Khan, CTO, Sprig Learning

It Takes Two to Keep Student Data Safe

Technology isn’t leaving anytime soon – that’s a fact. With job markets desperate for digital skills and teachers desperate for support, devices have a place in today’s education system. The trouble is, schools are adopting technology at an accelerating rate while the concern of cybersecurity lags behind. It’s an issue that schools are starting to take seriously, but it takes two to keep student data safe.

In education, student needs should always come first. It’s important for students to develop digital literacy, but it’s even more important to protect their privacy. Technology will always collect information, but it’s what companies do with that information that should concern educators. With more tech in the classroom comes more student data vulnerable to commercialization.

What schools need to look out for are companies that sell student data to advertisers. Advertisers use this data to create individual advertising profiles for more effective advertising in the future. The more information an advertiser collects, the more they can tailor their messaging to be more effective to each individual. It’s a sickening notion to think students are being exploited, but it’s an unfortunate reality.

What can schools do to protect student data?

First and foremost, schools should partner with edtech companies that care about students. From pedagogy to platform and privacy, your tech partners need to put students first. Ask for a copy of the company’s privacy policy and make sure it looks something like this. If an edtech company values the best interests of students, they will not sell data to advertisers.

Another way to protect students is to use different devices in the classroom. Though it may be a seamless option, putting all of your school’s digital eggs into one tech basket can be damaging to students and their privacy. When a student becomes too familiar with a company’s products, they may become uncomfortable using other technology, creating brand loyal customers at a young age. It gives tech companies an opportunity to collect student data at every possible juncture.

There are resources available for parents to protect student data as well. The Parent Coalition for Student Privacy was founded in 2014 after the legal battle with former student data company, inBloom. The coalition formed with the concern that parents were ill-equipped to protect their children’s privacy. The Parent Coalition for Student Privacy offers information and resources for parents who have had a hard time tackling the complicated topic of student privacy.

How does Sprig protect student data?

Using regulatory requirements and ISO cybersecurity standards, all Sprig software and platform services are held to stringent requirements to keep student data safe and privacy assured. Student privacy is critical and as such, Sprig does not sell or market any student data to third parties.

To further reinforce the importance of privacy, Sprig has teamed up with TwelveDot Security as its development partner. TwelveDot develops all of Sprig’s platforms using only the latest digital security measures and requirements. For the last eight years, TwelveDot has been a global leader in cybersecurity, assessing and protecting organizations from data breaches and cyber attacks.

The fact is, there is only one way to fight the sale of information: with information itself. Staying informed is the only way to protect student data and the onus is on caregivers and educators to learn with students in mind.

Caregivers and educators need to work together to protect student data inside and outside of the classroom and educate themselves so that they can understand the technology their children use. It takes two to keep student data safe, make sure your education partners are in it for the right reasons.

For more information about a holistic approach to assessment or holistic education, send us an email at letstalk@spriglearning.com.

More from the Sprig Blog

3 More Common Situations in Early Literacy Leadership and How to Respond

3 More Common Situations in Early Literacy Leadership and How to Respond

In a recent article, Sprig brings attention to crucial aspects of early literacy leadership with “11 Common Situations in Early Literacy and How to Respond”.

It’s a must-read, if you haven’t done so already. Going beyond case studies and researched best practices, Sprig revisits previous blogs, extracting valuable insights that can pose challenging situations to early literacy leaders and presents their corresponding responses.

As discussed, those initial 11 scenarios were not exhaustive by any means, and so Sprig expands the discourse in this article by introducing three additional common situations faced by early literacy leadership.

11 Common Situations in Early Literacy Leadership and How to Respond

11 Common Situations in Early Literacy Leadership and How to Respond

Navigating early literacy leadership challenges in pre-kindergarten, kindergarten, and early elementary grades can be complex. As students embark on their educational journey, success in these formative years hinges on various factors.

While situational challenges may arise, the reassurance comes from insightful case studies that shed light on similar scenarios and effective responses.

This article covers 11 common situations, drawing from valuable knowledge shared in previous Sprig blogs.

Explore a wealth of information covering a spectrum of topics, all neatly compiled in this article.

Student Data Privacy – What Makes Sprig So Secure?

Protecting student data is a top priority for school districts and schools, and with the upswing of new edtech products on the market, it can be hard to qualify which tools offer the kind of protection that you and your students need. While some edtech companies may believe that following cybersecurity best practices adds extra complications to an already lengthy development cycle, Sprig Learning is fortunate enough to have security built into each and every product by design.

That added piece of mind is thanks to our co-founder, Faud Khan. Faud is an international leader in cybersecurity with over 23 years of experience in the field, and he is known for his work with the International Organization for Standardization (ISO), as well as his work with the International Electrotechnical Commission (IEC).

So who better to share what makes the Sprig Learning Platform so secure than Faud himself! Keep reading to hear exactly what it is that makes our education platform so secure, and what you should look for when choosing an edtech partner.

Here’s a word from Faud:

With Sprig Learning, we had an opportunity to create an edtech product that was not only going to benefit the market from a holistic learning perspective, but one that provides enhanced privacy and security within the school ecosystem.

Cybersecurity is top-of-mind for most people, including us. As parents ourselves, we wanted to reassure our students, their parents, and their educators that we did everything in our power to identify and mitigate any risks to our online platform – as well as how we operate our company. I want to take this opportunity to share with you exactly what it is that makes Sprig Learning so secure. Allow me to dive into a little cybersecurity speak to help explain our process:

We take data security seriously.

So serious, in fact, that we have reviewed all of the possible ways in which our platform could be compromised. Every single one of them. Using a functional specification for our product development allows us to keep track of every component, identify potential risks, and methodically address each and every one. For a company that’s less than a year old, that is a pretty big accomplishment.

The functional specification makes it easier for us to complete both a Threat and Risk Assessment, as well as a Privacy Impact Assessment – two key components in creating and maintaining a secure platform. To be brief, completing a Threat and Risk Assessment allows us to identify any potential weaknesses in our digital properties, and address each one to reduce any risk. The Privacy Impact Assessment, on the other hand, helps us to identify and record any components of our system related to personal or student data that may be at risk – then develop a plan to manage and mitigate those risks.

These assessments and documentation cycles have allowed us to establish a Software Development Lifecycle that reduces the overall attack surface of our platform. We test ourselves and our platform. Constantly. Maintaining a secure platform doesn’t end once development is wrapped up. We aggressively monitor our servers for any sign of risk, and our multi-layered system ensures that if our web server were ever to become compromised, our student data remains safe. In fact, we even try to compromise our own platform with regular penetration testing in order to ensure that we did not make any mistakes in our code or in our server.

Our Promise to You.

As you can see from a security and privacy perspective, we have gone above and beyond the typical edtech standards. Our engineering team is strong in these disciplines, which helps us to grow and continuously develop our security and privacy controls as our business evolves. That is a commitment to all of the members of the Sprig Learning Team, and our promise to you – the Sprig Community. Should you have any more questions about our approach to security and privacy, please reach out to us at security@spriglearning.com.

Yours,

Faud Khan
Co-Founder and CTO Sprig Learning

For more information about a holistic approach to assessment or holistic education, send us an email at letstalk@spriglearning.com.

More from the Sprig Blog

3 More Common Situations in Early Literacy Leadership and How to Respond

3 More Common Situations in Early Literacy Leadership and How to Respond

In a recent article, Sprig brings attention to crucial aspects of early literacy leadership with “11 Common Situations in Early Literacy and How to Respond”.

It’s a must-read, if you haven’t done so already. Going beyond case studies and researched best practices, Sprig revisits previous blogs, extracting valuable insights that can pose challenging situations to early literacy leaders and presents their corresponding responses.

As discussed, those initial 11 scenarios were not exhaustive by any means, and so Sprig expands the discourse in this article by introducing three additional common situations faced by early literacy leadership.

11 Common Situations in Early Literacy Leadership and How to Respond

11 Common Situations in Early Literacy Leadership and How to Respond

Navigating early literacy leadership challenges in pre-kindergarten, kindergarten, and early elementary grades can be complex. As students embark on their educational journey, success in these formative years hinges on various factors.

While situational challenges may arise, the reassurance comes from insightful case studies that shed light on similar scenarios and effective responses.

This article covers 11 common situations, drawing from valuable knowledge shared in previous Sprig blogs.

Explore a wealth of information covering a spectrum of topics, all neatly compiled in this article.