School Business Affairs February 2020 SCHOOL BUSINESS AFFAIRS | FEBRUARY 2020 19 Given that safe data can be insecure and secure data can lack safety, good information management can pro- vide both data safety and data security. Ensuring Data Safety Data safety is most often referred to as “data integrity” in the information technology (IT) community. It indi- cates the processes and measures used to ensure the validity, consistency, and accuracy of information con- tained in a database. Systems implemented to retrieve, process, and store data should be designed with various controls that ensure the accuracy and consistency of the data. These controls can include limiting dollar amounts for certain transactions, limiting access for various users (e.g., view- only access), limiting the types of characters permitted in entry fields, and using system rules to prevent authorized users from making mistakes when entering and process- ing data or from inadvertently deleting or corrupting data during update, transfer, and storage. In addition to offering controls at the data-entry level, a good database system maintains and enforces data integrity to ensure that data remain intact and unchanged throughout their life cycle. Some examples of data integrity issues that can be controlled or eliminated with good data safety features include controls that do the following: • Restrict the range of possible values for a given field that will prevent users from entering a date outside an acceptable date range and from entering unauthor- ized characters (text or numbers) in certain fields. • Prevent users from accessing, altering, or deleting data when transferring information between two or more databases. • Prevent bugs in an application from deleting or over- writing records. • Prevent users from deleting data that another record is referencing or pointing to. • Prevent developers or analysts from entering test data directly into the database instead of into a test instance or testing mode. • Ensure that physical destruction of the network, data- base computers, or other peripheral equipment does not wipe out or alter the data. • Establish required fields that cannot be left blank in order to prevent incomplete records or missing data elements. • Establish validation rules that help prevent invalid data element combinations and require users to fix errors before saving or submitting records. • Create internal auditing processes that ensure that transactions are reviewed by more than one individual. • Create role-based approval rights so individuals can approve only certain types of transactions and only within their department. • Prevent the deletion of certain types of records and establish start dates and end dates to maintain a his- tory of changes. • Ensure that backups are performed regularly and will fully restore the database to its original form. Most IT specialists can devise other scenarios where data integrity is at risk. In fact, many of the data safety sys- tem controls currently in place were created in response to inadvertent errors that users had made that compro- mised their data in some way. Because school business administrators are expected to make decisions based on relevant data, the safety and integrity of those data become essential to a school divi- sion’s success. Relying on inaccurate data can have a devastating effect on the school district’s bottom line and the achievement of its mission and goals. Ensuring Data Security Data security focuses on minimizing the risk of sensi- tive data—such as emails, health records, social secu- rity numbers, and other personal information—being accessed, stolen, used, or held for ransom by unauthor- ized users. Evidence of breached data is cited daily in newspa- per headlines. The “2019 Official Annual Cybercrime Report” predicts that businesses fall victim to malware, computer viruses, cyberattacks, insider threats, and ran- somware every 14 seconds (Morgan 2019). Essentially, Phishing is one form of social engineering cyber- attack where correspondence is sent to many individuals attempting to trick victims into sharing personal information, such as passwords, user- names, credit card and bank account numbers, and other sensitive data. Spear phishing is a more specific form of phishing that uses personal information to target victims through email or social media. The fake corre- spondence will use the email address, name, and contact information of friends or associates of the victim. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traf- fic of a targeted server, service, or network by overwhelming the target or its surrounding infra- structure with a flood of Internet traffic. DEFINITIONS