-
Jay Crawley at LOA is responsible for cybersecurity at the school. MAUREEN STRATTON/Staff
Cybersecurity is not just for banks, big corporations, online commerce, and personal data protection. It is a real threat to schools that collect enormous data throughout the year and not just limited to a student’s name. It is often the sole responsibility of a technology manager onsite at the school to program safeguards into existing systems to ensure data is not breached.
Jay Cawley is the director of technology at Lake Oconee Academy and recently presented at last week’s Board of Governors meeting. He, along with department head Bobby Zimmerman, works alongside administrative staff and teachers to ensure that all relevant student data is protected and secure.
Cybersecurity is important because it safeguards against all types of personal loss and theft. Highly sensitive data, protected health information, personally identifiable information, passwords, intellectual property, and now, school information systems have become ready targets.
Disruption of student services and damage to hardware and other server systems within a school is a threat both Cawley and Zimmerman see in this digital age.
“Schools would be hard-pressed to educate without the internet,” said Cawley. “All aspects of education are driven by technology and are seen as easy targets for ransomware and major disruption. Student files are not limited to students. It includes parents and caregivers and their information as well.”
Cawley holds a master's in computer information systems from Georgia State University and has served in various school systems as both a science teacher and technology director. Before joining LOA, Cawley was with the Morgan County school system for 14 years.
Cawley explained that education is seen as a real, viable threat.
“Ransomware with education is highly targeted,” Cawley said. “From an industry standpoint, there have been budget shortfalls for sophisticated system upgrades to protect data. A young person’s data is considered valuable, just as names, addresses, and social security numbers are. There seems to be a high value to obtaining information for identity theft and fraud.”
Cawley and Zimmerman initiated a program to train teachers and other essential personnel on probable situations that would occur throughout their day such as phishing emails.
These emails are intended to trick the user into using scam emails and text exchanges to redirect to another website where data can be collected and sold. It is considered fraud in its use of intentional deception to breach securely protected information.
“Every school has a student information system or network,” Cawley said. “This data would include grades, attendance, name and addresses, and more. Phishing emails want to redirect teachers and other users to unlawfully obtain select data.”
Due to this, Cawley and Zimmerman put in place an effort to train teachers. Once links are opened, a report is generated back to the technology office to alert them of a planted threat. Teachers are then trained to better recognize these online threats to secure both school and student data. Due to efficient training, he reports that there have been no significant incidents at the school.
Cawley’s office also puts a lot of emphasis on reducing the school’s digital footprint, which is traceable data and activity a user leaves on the internet. Digital footprints are left with website visits, sending a routine email, submitting an online form, or other trackable online actions.
“If a second grader needs a select program, it only goes to second graders at the school and no other grades. We have implemented new security of our network, internet content for students and teachers, and implemented multi-factor authentication for each user,” Cawley said. “We have removed file shares throughout the school on our network and server infrastructure.”
Cawley sees a big need for schools to have clear policy procedures and processes to ensure uniformity in doing things at the school level.
Additionally, he added that schools need clear agreements for vendors using and accessing data.