22 FEBRUARY 2020 | SCHOOL BUSINESS AFFAIRS asbointl.org SAFETY AND SECURITY The Characteristics of Schools That Promote Information Security What constitutes a secure information technology system? By Steve Anderson, SFO, Jim Westrum, SFO, John Harmon, Brad Nigh, and Amy Diedrich A district’s data security program is determined not only by the size of the school and the types of data housed there, but also by other school district characteristics. Regardless of the variations among districts, the goal is the same: avoid security breaches and protect sensitive data. Safe- guarding student, faculty, and staff information protects people’s privacy and a district’s reputation and retains community trust. Adopting a strong combination of proven best prac- tices can improve a district’s ability to manage risk and mitigate it where necessary. Executive Buy-In The strongest predictor of the long-term success of an IT security program is ultimately its acceptance by the board of education, the superintendent’s cabinet, and the executive and leadership teams. In practice, although information security is the responsibility of the IT department, protecting data is a concern for all the district’s departments. With students and staff members accessing connected devices, the risk of a data incident increases. When the district’s executive and leadership teams take information security seriously and are committed to protecting student, employee, and other records, the data security program will be much stronger, decreasing the likelihood that the district will face a debilitating secu- rity incident. Employee Awareness With strong executive and departmental buy-in, the dis- trict can promote a culture in which security is ingrained in everyday practices. Employees can be the district’s big- gest security strength or its biggest security weakness. For instance, employees often bring their online habits from home to the workplace. If those habits are sloppy, employees can wreak havoc on the security environment What Can I Do? Leaving your password written ...is a lot like leaving your somewhere on your desk keys in your front door.