Part of a blog series from the CoSN’s Student Data Privacy Committee tied to Privacy Awareness Month. 

Protecting our privacy and security is challenging. Really challenging. It is also inconvenient, time-consuming, and sometimes frustrating. Forgot your password? Yeah, that’s going to take some time to reset. Now, I need to enter a code to verify it is me. Or do I have to complete a CAPTCHA? Why is everything so hard?

All these additional steps have become necessary because bad actors never stop trying to access our data. The network we use at work is bombarded with attacks every day. The web services we use both at work and at home are, too. The attackers are relentless and hope to get a phishing email through, to exploit a vulnerability, or to overwhelm the network with a Denial of Service attack. It sometimes feels like a losing battle, but it doesn’t have to be.

We can work together to build a culture of trust, trust in our leadership, data privacy, security protocols, and each other, starting with a shared commitment to protect our personal data.

The “Why”

To start, everyone needs to understand the “why?”. Why is it so important to protect personal data? The answer: It starts as a business, and it becomes personal. Make it personal for members of your school community to understand what is at stake: identity theft, financial loss, and even physical threats to students and staff. dayne topkin u5zt hoocrm unsplash

The “How”

Then, the “how”. How can your staff do their part to protect personal data, both personally and professionally? Ensuring your staff understands their roles and responsibilities related to your data privacy and security policy is a necessary step. Developing a policy isn’t enough; everyone must also know how to follow it. Training that includes data privacy and security best practices to apply at work and home is essential and is one of the best ways to protect the personal information entrusted to your care proactively.

Social Engineering

Educating members of your community about social engineering remains crucial. Phishing campaigns have been working since they started in the mid-90’s. It is hard to believe that we have been subjected to these campaigns for as long as there has been email, but the fact remains that social engineering still works. Most data breaches start with human error, leading to privilege escalation and compromised credentials. Bad actors use what makes us “human” and include elements in campaigns like urgency, reward, and punishment against us.

Sharing the “why” with your staff can foster a culture of trust that encourages the smooth adoption of data privacy protections that require extra steps like multi-factor authentication. Ultimately, we (humans) care about our community and each other.

AUTHOR: Laura Pollak, Supervisor, NASTECH & DPSS (NY)
Member of CoSN’s Student Data Privacy Committee

Published on: February 1, 2024

CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.