Get control of all the silos of feedback data to better protect PII from hackers
When you’re responsible for protecting a school district’s data, one of the biggest risks is data you don’t know about. According to the cybersecurity experts at Acceleration Economy, data silos result in risky blind spots.
The problem is that most of the educators you’re working with are used to taking care of themselves. After all, most teachers have to buy their own classroom supplies, so naturally they’ll choose a free and easy tool to collect permission slips or get feedback from parents. Feedback that often includes Personally Identifiable Information (PII).
The end result is that each school has dozens of silos of data that are largely unprotected, unconnected, and unaccounted for. And this is why cyberattacks on schools have increased by 84%.
So how do you get control? Select one feedback platform for the entire school or district. Then everybody collects the information and feedback they need, and IT can control who can access sensitive data. This makes it easier to protect the data while allowing people to compare data across schools, grades, or even over time.
Read how the Association of Independent Colleges of Art and Design centralizes data.
At audit time, everything needs to be accounted for
When it’s audit time, how do you start to find where all that feedback data is stored? Is it all in work accounts, or have people worked around the limitations of free tools by opening a second account or using a personal account? Do they even remember where they stashed all the data? Once the school year starts, things tend to get massively chaotic, and what made sense in September seems ridiculous in March.
It might not seem like a big deal until you consider that FERPA (the Family Educational Rights and Privacy Act) now includes protecting online student records and data. It’s considered a violation if your school or district allows unauthorized personnel to access these documents, even if it’s due to a mistake. Or due to a hacker breaking in.
Calculate the cost to control free
Once you start including the time IT needs to find, collect, disinfect, and protect data collected with free and unsecured forms and surveys, the hours (and costs) add up quickly.
You can calculate your costs using a formula like this:
| Item | Amount | Unit |
| --- | --- | --- |
| IT staff time to find data silos (includes finding who has silos and how to access the data) | __________ | Hours |
| IT staff time to quarantine and disinfect data | __________ | Hours |
| IT staff time to move data to secure location | __________ | Hours |
| Add up the hours | __________ | Hours |
| Multiply by the hourly cost of IT person | __________ | /Hour |
| Total cost | $_________ | |
While this cost may be much larger than you considered, the even bigger costs come in the horrible event that a hacker uses that data for no good. Or uses those unaccounted-for data silos to find and exploit a vulnerability in your system. Not only do you have the cost of any ransomware, but also the fines and the cost of lost trust that inevitably follow. Plus, it’s always IT’s fault. No matter who or what is the source of the problem, you get blamed.
There is a solution
Standardizing on a single secure platform that allows you to collect all of the feedback – satisfaction surveys, forms, tests, staff surveys, and more – will give you the security you need while enabling people to collect all the feedback they need. The right solution also allows you to control who has access to sensitive information, including PII. Consolidating control over your users also allows IT to protect all data centrally.
Using a secure SaaS (Software as a Service) solution puts all that data in the cloud, where your survey vendor is responsible for end-to-end data encryption, data residency and isolation, redundancy, proactive monitoring, and data retention requirements.
That’s how Alchemer would offload this challenge for you going forward. Data collected by Alchemer will show up in the cloud, secured, and available.
Read more about Alchemer’s security and compliance.