School's in Session, Data's at Risk
Faster than students flood the halls when the bell rings, private information can be stolen from vulnerable academic institutions, as well as directly from the students who attend them. With treasure troves of personal data, much of it belonging to young people with squeaky clean credit histories, schools, colleges and the students themselves are big-time targets for cyber criminals.
One of the best things you can do to protect the students in your life is become aware of the security controls (and gaps in protection) that govern the devices they use, as well as the data collected, stored and shared by their schools.
When you're curious, ask questions. A+ for following up if you get an "I'm not sure. I'll have to look into that" type of response.
Read on to learn more about back-to-school time risks and other threats to your data security and privacy.
Jackson Lake in the Grand Teton National Park, just one of several breathtaking views from my summer travels.
Data Security & Privacy Beacons
People and places making a difference**
Have you seen an organization or individual taking actions to improve privacy? Send me a note to nominate a privacy beacon of your own!
Elementary school parent Brad Shear inspired the development of a student "data deletion week." When his son accidentally stumbled on a song online with explicit lyrics, he was concerned the search would remain in his digital footprint and "come back to bite him" later. To prevent such a result, Montgomery County Public Schools will devote a week to purging its online databases of unnecessary student information each year. This is so innovative, and a great example of how important it is to speak up when you have questions about your child's data security and privacy.
Another U.S. school district, the Denison Independent School District, has proposed to ban devices with listen-in and student-tracking capabilities. The superintendent explained that such recording devices in a classroom setting present privacy and confidentiality issues. The ban would restrict parents and others who may not even be onsite from eavesdropping on conversations happening around their child while at school.
Although far from perfect when it comes to privacy, Apple is taking publicly visible, pro-privacy action with the development of a new policy. Any advertiser the company believes is tracking users without consent will be kicked off the platform. Apple is taking steps to at least appear to hold a hard line against this kind of behavior, stating in its updated policy that it will be viewed "with the same seriousness as exploitation of security vulnerabilities."
The Breach Exchange listserve creators Destry Winant and Audrey McNeil have curated important data security and privacy news for many years. I've been a long-time subscriber and believe their messages offer great tips and news people may not otherwise come across. I recommend all my readers sign up today and share their newsletter with everyone they know who is interested in keeping their personal data secure and private. (NOTE: I realized they do not have a privacy notice posted on their page and sent some suggestions for them to consider.)
Kudos to the 50 voting nations on 6 continents that unanimously approved development of international cybersecurity, privacy and safety standards for Internet of Things (IoT) in homes and buildings. For all you fellow standards nerds out there, I'm talking specifically about ISO/IEC 15045-3-1: Gateway Privacy, Security and Safety; and ISO/IEC 15045-3-2: Gateway Privacy Framework. So excited to see headway being made on the creation of universal rules around the gateways attached to IoT devices. Special kudos to Timothy Schoechle who has led development of these standards, as well as other ISO/IEC standards.
An anonymous "white hat" hacker is responsible for alerting Capital One to a potential vulnerability in its system. The tipster found a store of leaked data online and let the company know. Capital One was able to inform 100 million people in the U.S. and another 6 million in Canada that their information, which included names, addresses, dates of birth, self-reported income and credit scores, had been stolen. It was also able to fix the improperly configured firewall that allowed the breach.
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing every privacy protection perfectly throughout their organization (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
Approaching the Grand Tetons _from the east going west_
Refusal to give up your sample leads to a guilty verdict
While drug screening certainly isn't new, particularly for student athletes, it is becoming riskier for participants.
The increased threat is not because students are at greater risk of getting caught using drugs. Rather, it's due to the fact that some new policies are akin to extortion. In other words, the school district insists you get tested or you don't get to be involved in your activity. Period.
The irony is that requirements like this require students and parents to say they are "freely giving consent."
In this Texas school district, for instance, students who refuse testing are considered to have a positive result. So, if you decline the test, you are automatically labeled as guilty. What's more, the scope of students that can be randomly tested has been expanded to include much more than athletes; those participating in extracurricular activities and those who request a parking permit for the school's property are also subject to testing.
Consider the consequences for a privacy-aware child or parent who opts out because they aren't satisfied with the security controls of the school or its third-party testing service!
Keeping students and school grounds safe and drug-free is, of course, a valiant mission. It's just as important, however, to protect the data security and privacy of students. I certainly hope the school district has asked some tough questions of the third party in charge of collecting, testing and storing the samples of the young people they are in charge of protecting. These samples, after all, contain a whole lot more than drug evidence (like DNA profiles!).
If the district did, in fact, ask those tough questions and received satisfactory answers, it would be nice to communicate that information. Yet, I did not see any information on the following in the district's letter to parents:
- privacy policies
- descriptions of how the samples or results would be protected
- how parties would be held accountable for that protection
- how the analysis results would be used
- rights the students/parents had to access the data
- rights to delete or correct the analysis results
- rights to restrict the entities to whom the data would be given
One more VERY important consideration...
- If organizations/vendors collecting and analyzing saliva are NOT healthcare providers as defined by HIPAA, HIPAA information security and privacy protections do not apply. This means the orgs/vendors do not have data security or privacy regulations obligating them to protect student data or give the students rights over that data.
School administrators, teachers and parents must do more to protect students' privacy. The increasing number of ways their sensitive personal data is being collected calls for everyone to step up their game.
Wild Horse Canyon, Wyoming
15 Sneaky Kid Apps Parents Should Watch For
'Don't talk to strangers' is great advice, especially in the digital era.
One of the biggest risks to children's safety is their ability to talk to anyone from anywhere at any time, right from their device. And, that person they are talking to may not be who they pretend to be -- that's the particular danger of digital communication.
While there are plenty of apps and sites that allow strangers to message one another, law enforcement officials recently identified 15 in particular. Each one, they say, is popular with both children and, sadly, predators.
The next time you review your kids' phones, be sure to check the apps list. If you see any of the following, talk with them about the danger and consider removing it.
- MEETME
- Grindr
- Skout
- WhatsApp
- TikTok
- Badoo
- Bumble
- Snapchat
- Kik
- LiveMe
- Holla
- Whisper
- Ask.fm
- Calculator%
- Hot or Not
If you know of others that should be added to this list, let me know!
My son exploring at the edge of Wild Horse Canyon with Castle Rock in the background
New tool's "erase" feature is misleading.
It's no secret Facebook has become embroiled in a series of controversies surrounding the security and privacy of users' data. Over the last year or so, we've seen moves by the internet giant that appear to demonstrate they are paying attention to the public's waning trust.
One such announcement came just a few weeks ago when Facebook launched Off-Facebook Activity. It's a tool that allows users to view, and supposedly erase, data that sites and apps outside the social network have shared with Facebook. Of course, there's no deleting the data from the original sources, although this tool may create that false sense of security.
In other Facebook news...
Instagram, a Facebook-owned social property, is suffering from a look-alike scam that ironically plays on users' fear of cyber crime.
An email phishing attack claims "Someone tried to log in to your Instagram account," and asks the victim to use a six-digit code to reactivate their frozen account. But, when they click on the embedded link to do so, they are sent to a malicious domain. It looks a lot like the real Instagram and even has an HTTPS certificate!
Still, there were several red flags:
1) Legitimate companies do not provide links for logging in to an online service.
2) The domain contained a .CF extension, which is unusual.
3) The email misspelled "login."
4) There was also a notable punctuation error in the body of the email.
If you, or any of the students in your life, receive this or a similar email, go directly to the site of the service in question. Never click on a suspicious link, as it could very well lead you down a path you can't come back from.
There were several varieties of desert flowers that seemed so healthy... hard to imagine in such barren conditions.
What To Know Before Sharing Kids' Lives on Social Media
Best practices for posting about the children in your life