(Photo by Joseph Pearson)
The issue of cybersecurity is an ongoing concern for the Holy Family Roman Catholic Separate School Division, as they partner with companies like IBM to keep them up-to-date with the latest methods of maintaining a high level of security of personal data of staff and students.
Superintendent Chad Fingler provided an update to the Holy Family board at their monthly meeting, which was held virtually on Wednesday evening.
“We know that education has a vast amount of information, both private and personal,” he said, noting that schools can become primary targets of hackers who want to mine that data.
He touched on phishing, which is a method of using fake emails to get people to click on and provide a portal for them to come in and look around the school’s system, as it were, or to plant a Trojan or ransomware as they lock the school’s system down for a ransom.
“Educating staff on how best to mitigate security is huge,” said Fingler. “Nearly all virtual security issues are due to human error. We have money budgeted every year so we can stay on top of it.”
Part of the funding is to have partners like IBM, who carry out a robust security scan with a third-party vulnerability test to assess how well set-up a school division’s computer system is to keep hackers out, he explained, noting that every time they think they’re on top of it, something new pops up.
One major change for security is to have all of their data on the cloud rather than all in a physical server in a school or the division office, said Fingler, who noted that they have to buy a whole new server every five or six years as it ages out and the warranties come off.
“Now we’ll buy space in the cloud and will be billed just for the space we use rather than use an entire storage box,” he said. “With that comes major security improvements as our data is no longer sitting in a metal box in a school.”
He added this also keeps the data safe should a fire, flood or burglar break in and cause damage to a school’s computer system or server.
For students, Holy Family also uses net nannies which monitor what sites students are visiting or using, and a teacher can go on and see what site every student is on.
With remote learning needed once in a while due to COVID-19 issues, Holy Family’s IT expert can also ensure that the Chromebook machines sent out are kept secure.
Part of the operational procedures used also are digital citizenship agreements, which must be signed by all staff members along with the professional development they are provided for the use of technology.
Password protection is another area that they deal with for staff, administrators and board members. Fingler said one solution, suggested by IBM experts, is to use a phrase that has 16 or more characters and is easy to remember, making it very, very difficult to break because of how long it is. Suggestions were phrases like “I like Hawaiian pizza” or “I like to golf on Sundays”, ones that are personal and easy to remember.
At the same time, trustees and staff need to stay away from so-called “Golden Ticket” passwords, which are passwords someone uses for everything. Fingler pointed out if a hacker cracks it, they then have access to everything that password is used for.
“I feel very proud of what we’ve done in Holy Family, as security is an important process for us to consider. We continue to journey with it,” said education director Gwen Keith.
