Middle school teachers aren’t data security agents. They need help.
Earlier this year in a small town in Georgia, a middle school teacher saved a spreadsheet of student data from a school computer onto a flash drive, so she could take it home.
The teacher left the flash drive in her car.
You can guess what happened next: her car was burglarized, and the flash drive stolen, exposing the social security numbers and associated names of students at the school.
Should this teacher have been trained to encrypt the flash drive? No. It’s hard enough teaching middle school.
Instead, the school district could have prevented this incident from occurring in the first place.
Reduce access to secure student data
School districts can’t go the route of banking institutions and seal off the drives on their computers so flash drives and CD’s can’t be used to copy information. That’s impractical and unnecessary.
Instead, school districts can identify information that is protected and private (social security numbers, dates of birth, medical or mental health conditions) and keep that information secure at the district headquarters. Separate spreadsheets containing the data teachers really need (student names, age but not date of birth, city of residence but not address, etc.) should be created for use by faculty, so they needn’t worry about handling sensitive student data.
No business would place customer credit card numbers on a shared database for all staff to view. By the same token, no school district should make sensitive data available to staff who aren’t trained in data security procedures.
Secure the sensitive data
Once private student data, such as social security numbers, has been constrained to an administrative location, IT staff in the administrative office need to take steps to protect it.
Network security is an obvious issue, to prevent outsiders from hacking into central computers.
A less known risk is one of hardware. Computers become old and are replaced. Server hard drives fail. But the data is still intact, and in the hands of skilled thieves, it is easy to retrieve. The social security numbers of children are especially precious to thieves because new identities can be crafted around them, and such identity theft often isn’t discovered until the child grows up and applies for credit.
In an academic setting, retired hard drives and worn-out discs may sit in boxes or storage closets until someone arranges for proper technology recycling. But even if the staff identifies a legitimate company that will wipe the data from the discs and comply with federal standards for both data security and recycling, the drives and loose media are at risk while they sit in storage.
Anyone who has access to the offices or storage areas, including visitors and cleaning staff, can steal the retired drives, computers or loose media.
The best bet for schools, universities and businesses is effective onsite data destruction.
What is onsite data destruction?
Teachers and school administrators are not trained in data security. Data destruction should be as easy as dropping drives, disks, and media into a secure bin. It’s no more work than putting them on a shelf in a closet marked for recycling.
Does such a bin exist? Yes. Meet Tear-A-Byte®, TechR2’s solution to secure onsite data destruction. Tear-A-Byte® utilizes leading edge technology, providing secure containment and onsite data destruction with our NSA certified degausser.
For each project the college or school will receive a serial number report and a certificate of destruction to store for future audits. This is critical in case of a suspected data breach. For state-funded institutions, it is even more critical to have a paper trail to prove your compliance with data security measures.
More complex jobs can take advantage of TechR2’s more advanced systems.
Do your school district’s administrators know the risks of data stored on flash drives, hard drives and other loose media? Forward this article, along with this link to related data security court cases and tips, and present simple and effective solutions such as Tear-A-Byte®. Information about compliance with various federal guidelines governing data privacy can be found here.
Are you still unsure about how this could work for you? Click the big red button and we’ll bring our system to your office. We will whittle down your pile of hard drives you’ve been saving on a shelf, and show you an alternative — at no charge!