Auditor Galloway releases a report indicating data security risks in schools

security concept with a lockAuditor Galloway’s new data security report indicates 5 data security concerns in Missouri schools. These concerns were identified as part of the Cyber Aware School audits initiative, designed to fight against unauthorised access to student records and other sensitive data.

According to her, Missouri schools have a responsibility to keep students’ data as secure as possible. The report is a compilation of the most common data security concerns identified in schools across various districts of Missouri. It highlights the following concerns:

  1. Data management program

Some districts failed to establish a set of procedures that would ensure that sensitive data is formally managed.

  1. Account management

Certain employees and staff were either sharing passwords, or were not required by policy to change them on a regular basis. Apart from that, user access to the system was not fully reviewed.

  1. Security precautions

Certain districts failed to appoint an individual to serve as a security administrator. Either that, or they were not training their employees on the importance of data security.

  1. Incident response planning

Some districts failed to have a formal plan in place on what to do in the unfortunate event of a data security breach.

  1. Vendor contracts

Certain vendor contracts with technology providers were written in such a way that certain third-party vendors could get away with not complying with the local standards, and no monitoring processes were in place to prevent such a scenario from happening.