Doug Johnson

A Short Guide to Technology Security
Head for the Edge, Library Media Connection, February 2005

As much as I hate to do it, I’m putting on my techie hat (err, pocket protector) for this column. So instead of the loveable, enabling, supportive person you’ve come to expect, I’m carrying a stick and wearing a scowl. We’re talkin’ computer security and you know how we techies feel about the subject.

Technology security manuals for your school district is probably about the length of a Stephen King novel, and I expect you, as a diligent school staff member to have read yours very carefully.

No? Why not? It’s important. After all an increasing amount of critical, confidential educational data is transmitted and stored electronically. Despite its intangible nature, digital records, communications, and intellectual property, whether the school’s or yours, is as valuable and important as physical property. Safeguards to protect virtual resources are essential and using them is your professional responsibility.

So OK, here’s the Cliffs Notes version if you really don’t have time to read the whole manual.

Passwords
As a school employee, you have the responsibility of a variety of passwords including those for the student administration system, the network, e-mail account, grade book program, voice mail and more. All passwords should:
•    Be unique for each application.
•    Be changed on a regular, frequent basis.
•    Be composed of both letters and numbers for highest security.
•    Be kept in a secure place if written down.
•    Never be given to anyone else, especially students
•    Never be given to a tech support person who is unknown to you, in person or especially over the phone.
Treat passwords with the same care you would the code to your ATM card.

Kevin Mitnik has written a fascinating book on “social engineering” – using old fashion human con artist techniques to get passwords – called The Art of Deception (Wiley, 2002). Read it.

Back-ups
It is your responsibility to maintain at least one back-up copy of your self-created documents (word processing files, presentations, etc.) You should also regularly create a back-up copy of your grade book data, saved e-mail messages, e-mail address book, calendar, and to-do list unless stored on a server. (The district will handle the data on the servers.) We recommend backing up all files on at least a monthly basis; more often if you are working on a critical project. You need to ask yourself, “What would I lose if my computer’s hard drive were to die right now?” Or, as Dirty Harry would say, “Do you feel lucky…punk?!”

You may choose to store your back-ups in online storage space (on either the internet or an intranet) or use writeable CD-ROM or DVD disks to create copies of your files. Back-up disks should be kept in a secure place, preferably not in your school building.

Viruses
Computer viruses are small pieces of programming code that often have the nasty ability to destroy data on computers. School tech services may use firewall filters to protect computer users from these programs that are spread as e-mail attachments, hidden in programs downloaded from websites, and as macros in word processing and other documents. But new viruses are being constantly created and no filter is perfect.

You can minimize your exposure to viruses by:
•    Never, never, never opening an e-mail attachment you were not expecting, even from someone known to you. Never.
•    Never downloading programs from unknown sources on the Internet.
•    Turning the “macro” feature off or “macro security” on in word processing and other applications.
•    Scanning your computer regularly with a virus protection program.

Data Privacy
The protection of the privacy of students is your professional responsibility. This means knowing the laws, district policies and building guidelines about what student information can be shared and with whom. Protect students’ privacy by:
•    Following the password guidelines listed above.
•    Using a screen-saver with password that automatically starts after a short period of inactivity.
•    Obtaining parental permission forms prior to posting photographs or student work on the school’s website.
•    Keeping students’ last names, e-mail addresses, or other identifying information off school web pages.

Hardware Security
Computers and other hardware can be stolen and damaged through both carelessness and maliciousness. Protect your computer and other hardware by:
•    Placing it on a firm surface, away from edges to prevent it from being pushed off.
•    Encasing cords and cables to prevent damage both to the hardware and anyone who might trip over them.
•    Using a security cable to lock laptops to immovable objects when left unattended.
•    Making sure your homeowners’ insurance covers school equipment if lost or damaged if you use it off school property.
•    Never opening (or attempting to open) your computer’s case. Touching the wrong gizmo may not only hurt the computer, it may seriously damage you. Let the people who think they know what they are doing do such surgery.

This is not just a techie vent. The more secure we can keep our computer systems, the more dependable they are. And reliable computers are less frustrating for you, and better for your students.