page background
page background

Data Privacy Week 2023

Shields UP!

Data Privacy Week 2023 Shields UP!

It's on all of us to protect our staff and student data

K-12 organizations are under continued threat from malicious cyber actors, and real-world incidents have demonstrated potentially significant impacts on students, school personnel, and communities. Cybersecurity incidents can result in significant impacts to a school or district’s ability to carry out its educational mission and protect sensitive school, student and personnel data. Malicious cyber actors are targeting K–12 education organizations across the country, with potentially catastrophic impacts on students, their families, teachers, and administrators.


Data Privacy Week is a useful time for all of us to reflect on our digital security hygiene. As data breaches continue to plague users worldwide, it is important to evaluate your cyber security practices. The uncomfortable truth of the past decade is that digital data is highly valuable and very difficult to secure. Threat actors will continue to steal massive amounts of data and businesses/individuals will continue to suffer the consequences. Data privacy worldwide is unfortunately not in a healthy state. The upside is that you as an individual have the ability to strengthen your security practices in order to mitigate any damage that results from something like a data breach. Creating strong and unique pass phrases and utilizing cold-storage password managers are an efficient way to minimize the fallout of a data breach.

What needs to be protected?

FERPA requires us to protect student PII

zoom_out_map

Personally Identifiable Information (PII)

The name of a student or family members; their address; personal identifiers, such as the student’s social security number, student number, or biometric record; other direct or indirect identifier that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person to identify the student with reasonable certainty.

zoom_out_map

Directory Information:

Directory Information may include a student name, address, telephone number, email address, photograph, date/place of birth, major, grade level, enrollment status, date of attendance, degrees, honors/awards, most recent educational institution attended, participation in officially recognized sports and other activities, and weight and height of members of athletic teams.

zoom_out_map

Education Records

Materials that are “maintained by an educational agency or institution or by a party acting for the agency or institution,” and that contain information directly related to a student.

Strong Passwords are a Must

Accounts can be compromised due to weak passwords that we use to access information so one of the best things you can do is to develop passwords to safeguard sensitive data.


Password Safety Tip #1: Don’t use the same password twice.

If one website experiences a breach, the other sites using that same password are also at risk.


Password Safety Tip #2: Use a mix of characters including letters, numbers and symbols - or a passphrase.

It’s always tempting to create a password using a loved one’s name, a pet’s name, a birthday or anniversary and so on. However, these types of passwords are generally quite easy for a hacker to figure out. Instead, passwords should be at least 12 characters long and include upper and lower case letters, numbers and symbols.

Additionally, another great strong password idea is to think of a passphrase instead of just a word.

  1. Passphrases are easier to remember than passwords.
  2. Passphrases are difficult to crack through brute force.
  3. Passwords are easily hacked by password-cracking tools and robots as well as by humans.
  4. Most major applications and operating systems allow for up to 127 characters and the use of passphrases for optimal security.
  5. A passphrase can easily satisfy complex rules and requirements for passwords, as most allow for punctuation, uppercase, and lowercase letters.


Password Safety Tip #3: Avoid sharing passwords.

Passwords should always be kept confidential.


Password Safety Tip #4: Don’t keep passwords written down near computers.


Password Safety Tip #5: Utilize a password generator or manager.

A password management service will generate secure passwords that are extremely difficult to crack. It also eliminates the need to remember multiple passwords every time a new account is opened. Password managers create a strong, reliable password every time a new account is needed on a website, storing all passwords a single location.

What is Multi-Factor

Implementing MFA makes it more difficult for a threat actor to gain access to information systems—such as remote access technology, email, and billing systems—even if passwords are compromised through phishing attacks or other means.

Malicious cyber actors are increasingly capable of phishing or harvesting passwords to gain unauthorized access. They take advantage of passwords you reused on other systems. MFA adds a strong protection against account takeover by greatly increasing the level of difficulty for bad actors.

What can we do to protect our data?

-Enable MFA on all accounts (work and personl):

-Update your software, turn on Automatic Updates

-Think Before you Click

-Use Strong Passwords

East Aurora Technology Department
Data Privacy Week
Signature facebook Signature twitter Signature youtube