Discussions

 View Only
  • 1.  What's critical for the business office to know about protecting student data?

    Posted 28 days ago
    Hey ATLIS community, 

    We're working on a new PD offering for our partners at NBOA that we'll roll out at NBOA's annual conference. I'll have an opportunity to share with the business office a few critical things they must be tracking when it comes to protecting student data. We won't get into the technical stuff -- that's for the tech team -- but we will provide a high-level overview of ways schools are going to have to protect student data in the coming years. 

    Please weigh in... If there was one thing you'd want your business office to know when it comes to the work you're doing to protect your community's data, what is it? We have an opportunity to educate our peers in the business office. What do they need to know?? 

    Looking forward to hearing your thoughts. Happy 2023, friends! 

    Christina 

    #CybersafetyandDataSecurity

    ------------------------------
    Christina Lewellen
    ATLIS
    WINCHESTER VA
    ------------------------------


  • 2.  RE: What's critical for the business office to know about protecting student data?

    Posted 26 days ago

    Reiterate the "Cybersecurity/Data privacy is a Team Sport" analogy. Too often even the Business Office assumes that the IT department alone will be able to protect the data.

    Ransomware and identity theft are for-profit businesses. Groups are specifically targeting schools because they know we are soft targets (with some valuable data).

    Remind them of the role that human error plays in hacks - over 80%. Independent schools are trusting, friendly places, but a greater level of skepticism will be required to combat social engineering against business offices.

    The same way that robbers target banks, cyber criminals target the business office - because that's where the money is.

    We know better now, but in the past they probably saved all sorts of documents that now need to be scrubbed for those old network storage drives - scans of passports or tax returns, anyone? Take some time to clear out storage, especially for employees who may have left years ago.



    ------------------------------
    Bill Freitas, CISSP, CETL
    ------------------------------



  • 3.  RE: What's critical for the business office to know about protecting student data?

    Posted 16 days ago
    Thanks for this, Bill. I absolutely agree on the team sport concept. There's no way any single person or department could protect all data at the school. 

    What else, ATLIS community? Does anyone else have recommendations about messages to share with the business officer community? 

    Thanks for your insights.

    Christina

    ------------------------------
    Christina Lewellen
    ATLIS
    WINCHESTER VA
    ------------------------------



  • 4.  RE: What's critical for the business office to know about protecting student data?

    Posted 11 days ago
    Reiterate the "it takes a village" mantra.  We at MICDS developed Data Governance and Cyber Security Oversight committee that is made mostly up of senior leadership, inclusive of CIO, CEO, Development, Admissions, etc.  We meet once a quarter and discuss all things privacy and cybersecurity related, plus vet any new database requests, etc.

    ------------------------------
    Stewart Crais
    Mary Institute and Saint Louis Country Day School
    St. Louis MO
    ------------------------------



  • 5.  RE: What's critical for the business office to know about protecting student data?

    Posted 10 days ago
    Stewart, I like the new committee title. We also utilize the team approach since it is the team that will serve as part of the incident response group.  In addition to this team, we have a relationship with a managed service provider that will also be part of the incident response team as they have expertise in this area.  We've also been considering how best to communicate this to our Board.  There is no standing committee that actually fits and once again we find ourselves with the square peg and round hole approach.  We've had some good discussions and part of me is leaning toward considering recommending it be added to the Governance subcommittee of the Board but it doesn't quite fit.  A standalone committee may make the most sense since this topic has so many tendrils within our schools.  It's not just academics or student software, it is also operational.  This has prompted us to also review the security practices of HR, Payroll, Medical, and TIAA to name a few, as it relates to our constituents' information.

    ------------------------------
    Hiram Cuevas
    St. Christopher's School
    Richmond VA
    ------------------------------



  • 6.  RE: What's critical for the business office to know about protecting student data?

    Posted 10 days ago
    Thanks, all. These are great reminders and I've baked them all into the project I'm working on for the business officer community. Thanks for your help! 

    Christina

    ------------------------------
    Christina Lewellen
    ATLIS
    WINCHESTER VA
    ------------------------------