Data Privacy & Security Service Digital Digest Fall 2016

Data Privacy & Security Service

Issue 6

Data Privacy & Security Service Digital Digest Fall 2016

In This Issue

THE GROWING THREAT TO DATA

Page 1: School district computer systems attacked by ransomware

Is your school district prepared for a ransomware attack?

New York State Comptroller Gives More Attention to SIS Page 2: Click-through Agreements and your Data

The Rhinebeck school district experienced a ransomware attack at the end of the school year. Ransomware is a malicious software designed to block access to a com- puter system until a sum of money is paid. This type of attack can affect any school district or organization. This ransomware attack did not result in the loss of any data or files, but it took the district nine hours to trace the problem and restore the system using off-site back- up files. These types of attacks can get into the system as easily as someone opening up an email.

Pokémon Go and Your District

Page 3: How to Protect Your Data

Questions to think about: 

Where is your district data?

View Full Article and Further Information See Data Breach Response Checklist to help your district be prepared. Homeland Security Recommendations on Mitigating Threats

 Who is responsible for data in your district? Do those responsible for data know what to do and what not to do? About This Issue In this issue, you will find articles and other information about protecting your data and how to make sure your dis- trict’s data stays secure. The infor- mation contained in this article is rele- vant both on a district-wide level, as well as on a per-user basis. As users download apps and sign up for web- sites, an increased awareness of the implications and exposure of student data becomes necessary. 

NEW YORK STATE COMPTROLLER GIVES MORE ATTENTION TO SIS

The NYS Comptroller’s Office significantly increased the depth and breadth of ques- tions they ask about district data privacy and security. In the past, the Comptroller was primarily interested in districts’ financial data and systems. District audits in the 2015-16 school year saw a dramatic increase in the attention paid to Student

Information Systems (SISs) by the NYS Comptrol- ler. Between November 2015 and May 2016 the number of audit questions about a district’s SIS grew from two pages to nine. RICs recommend that districts anticipate the need to respond to these questions.

SED Appoints Temitope Akinyemi as Chief Privacy Officer (CPO). The CPO will develop, implement and oversee the Department’s poli- cies and procedures to ensure the privacy and confidentiality of stu- dent, teacher and principal data.

Click here to view the Comptroller’s Questions.

1

Data Privacy & Security Service

Issue 6

Impact on Districts Users often download apps and sign up for websites without ever reading the user agreements/click-through con- tracts. It is important that districts edu- cate their users on the implications of accepting these agreements. In many instances, once signed up, users will use the tools with students and student in- formation. In the case of photo sharing websites, it’s possible that once a teach- er posts photos of their class, they have given up ownership of the photos and they can be used elsewhere on the in- ternet. Tips for Click-Through Agreements Looking for tips when you use click- through agreements? View tips and read the Full Article . While an application like Pokémon Go may seem like a tool that does not have a direct impact on districts, the opposite is true. It is likely that many members of a district’s community (parents, staff, students, etc.) are using the apps. Would a teacher or administrator want a student catching a Pokémon off their head in class? It is important that dis- tricts are aware of these trendy new apps and take steps to educate their stakeholders about the risks associated with the app as well as appropriate us- age. Impact on Districts

Click-through Agreements and your Data

Users often agree to click-through agreements and contracts without reading them. These agreements can contain terms that are strange, and could be down-right frightening. Does your district understand what happens when they click “I agree” on a website? Read further for how to protect your users and district.

What are you giving up when you click a click-through contract?

What are you really agreeing to when you agree to a click-through agreement with- out reading them? This article (contains adult language) highlights 6 user agree- ments that you’ve probably accepted without even realizing the ramifications. In another example of the danger of accepting click-through-agreements without reading them, this summer security researchers set up an experimental Wi-Fi hotspot in London. In return for free Wi-Fi, the researchers asked customers to agree to terms and conditions that included a promise "to assign their first born child to us for the duration of eternity." Predictably, people signed up. Would you? Read more.

Pokémon Go and Your District

In July of 2016, Pokémon Go was released on multiple platforms as an app. It quick- ly became the most popular app on the App Store and Google Play. However, Poké- mon Go has not been without controversy or concern for schools and the public. For a summary of the controversy surrounding Pokémon Go and its impact on schools, visit this website . To learn how librarians are using this game to entice more patrons into its facilities . Click here

Other Resources

ISTE—Bringing Pokémon to School

Tools for Districts

EdWeek– Using Pokémon Go with Autistic Students Teens Broke into School to Play Pokémon Go

If a building in your district is a PokéStop or gym, you can visit this website to re- quest its removal.

For a full map of PokéStops and gyms you can visit this website .

2

Data Privacy & Security Service

Issue 6

Data Privacy and Security Service Digital Digest Fall 2016

How to Protect Your Data

With all of the risks and vulnerabilities to your data what can you do to protect it? Below find some resources and recommendations from experts on some actions you can take to protect your data.

The paranoid's survival guide, part 1: How to protect your personal data

In today’s digital age protecting personal data is critical. The same practices that apply to personal data, apply to student data as well. This article provides helpful

Top Security Practices

In today’s world of instant information and mounds of data on every topic, how do you filter out the information you need? Get the download from surveys done with security experts and web-users who are not security experts. Learn about top security practices and more. Full Article

For Further Information Contact Your Local RIC. Click here to find your local RIC contact

For Subscribers to Service:

Digests & Archived Digests D 3 —Digital Digest Debrief

Inventory Tool

Information Security Online PD for Teachers

Digital Blasts

 Access to password protected resources on the RIC Data and Security website: http://www.nysdsp.org  Data Privacy and Security Professional Development

Used with Permission Source : New KnowBe4 Survey: Ransomware Infections Double In Two Years

3

Page 1 Page 2 Page 3

www.nysdsp.org

Made with FlippingBook - Online Brochure Maker