June 04, 2009, 8:17 PM — Most school districts state that their mission is to provide students in the community with educational opportunities in a safe environment.
We have just passed the ten-year anniversary of the Columbine tragedy. Since that terrible event, schools have come a long way in doing a better job of protecting students from physical threats and preparing for different scenarios. We have installed cameras, restricted access to facilities, and have conducted exercises for all sorts of scenarios – guns brought into school; bus accidents; pandemic incidents; etc. Community leaders, parents, and law enforcement have been enlisted to raise the awareness level of these threats. Communication systems have been installed to promptly notify parents of bomb threats and other emergency situations.
All of these efforts are admirable. As a parent, I feel much more secure about my school district’s readiness for physical threats. However, we cannot rest on our laurels. Other threats are lurking. A solid Safety and Soundness Program includes continuous assessment of threats.
In the past twenty years or so, there have been monumental changes and progress in technology. Information is being generated exponentially more rapidly than it ever was before. Technology is at everyone’s fingertips. This generation is so much more comfortable with using technology than any generation before because they have grown up with it.
Our schools have done a tremendous job using technology to educate students in this “Information Age”. Obviously, we have to prepare students to live a life with this ever-growing use of technology. Twenty years ago, no one envisioned the dependence upon technology that we now live with everyday. Nearly everyone has cell phones. We use computers and “smart phones” to do our banking, our shopping, ordering take-out, and learning, making friends around the globe, among many other things. This is the life in which students of today are living.
But what about the risk that comes with this new age? Threats such as bullying, tampering with records, social engineering, theft and fraud haven’t gone away during this age. It is only logical that technology is used by individuals to act on these threats and have a bigger impact.
A May 2008 article in eSchool News stated that one in four data breaches occur in schools. A January 2009 Washington Post article stated that breaches were up 50% in the past year, and schools have been involved in 20% of those incidents.
So many of us have received letters stating our personal information may have been compromised, so much so that we are becoming apathetic towards them.
The question is – have we done a good job in assessing these threats and preparing for those types of incidents? The growing number of breaches would indicate that we are falling short.
Students are using technology more and more to bully other students. At the 2007 RSA Conference, a panelist stated that one in seven children has received some type of sexual solicitation on line. Recent news articles have reported incidents of students changing grades. More and more, potential employers and higher educational institutions are rejecting employment or admission applications based on compromising pictures or information on social networking sites. Minors are using cell phones for "sexting" messages.
When we speak of an Incident Response Program, we must include the cyber-threats as well as the physical threats. The goals of an Incident Preparedness Program are to respond to an incident as quickly as possible, minimize the impact of an incident, and implement procedures or controls to prevent the incident from recurring based on lessons learned. Have we run “Safety and Soundness” exercises on data breaches or security incidents? Do our Incident Response Policies and Plans include preparing for the most likely incidents, such as school systems being used to corrupt the morals of our students? Do they include preparing for a massive tampering with grades? Are we ready to preserve electronic evidence for forensic analysis if law enforcement needs to prosecute or if we need to take legal action as the result of behavior on school computers?
In this Information and Technology Age, it is our duty to prepare for all of the threats that can impact our students. This preparation should include the very thing that has impacted our students most over the past two decades – technology. This particular mission isn’t about educating students on the threats – it is about keeping them safe amidst the threats.
