Security Lessons from School

Sue Marquette Poremba

Nearly one quarter of data breaches in 2009 came from the educational sector. While I don't have the numbers, I would suspect quite a few of those breaches come through college data loss.


However, security is an issue for other levels of education, and as I learned from my conversation with George Thornton, network operations manager at the Montgomery (Texas) Independent School District, managing a school district's computer network is similar to that of any business, with a few exceptions.


Thornton said his district has 7,000 students and nearly 900 teachers. The No. 1 security problem?

Students and teachers both bring in outside drivers for the computers at the school. What comes from home can't be controlled by IT.

Working with Kaspersky Lab, the district now has a tool that, when a flash drive or other outside driver is plugged into a computer, the computer automatically runs a scan. Said Thornton:

The normal reaction is to check no if the computer prompts a scan. This tool doesn't give the user the choice.

That adds an extra layer of security to the machines. But it also adds an extra layer of security for the school itself. You see, one of those exceptions that schools deal with that enterprise does not is the Child Online Protection Act, which Thornton admits can create serious security nightmares. It requires strict content filtering, which is difficult because different schools will have different levels of filtering.


Because budgets are limited, he told me, schools aren't able to upgrade computers and equipment as frequently as a corporation might, which can affect security efforts. The tight budgets also mean that Thornton -- and school CIOs nationwide -- have to carefully pick and choose which security options to employ and which have to be skipped because they are too expensive.


School districts are not immune to the threat of attack from outside or inside hackers. Just like in a business, just like in a college, school districts are a wealth of personal information on thousands of people. Just like in many segments of industry and society, security for school computer networks is its infancy in many ways, but I think it is important to remember that no matter what type of business you are in, everyone needs to focus on data security issues.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Jul 7, 2010 5:50 PM John P. Guclel, CEO/Owner MEDICAL VISIONS, INC.- Milwaukee, Wisconsin U.S.A. John P. Guclel, CEO/Owner MEDICAL VISIONS, INC.- Milwaukee, Wisconsin U.S.A.  says:

    As a Portal Partner, and as all of us a former student, I find that when approaching an educational institution there are major hurdles to overcome. Whatever level of education we are dealing with, there is usually a qualified IT person that makes the decisions on just what security product to implement.

    Educators tend to feel that, because they are educators, they have to present themselves to the students, and their peers, as being without flawed thinking. They feel that they have researched the matter fully and must be right. When a decision to buy any security product is made they sometimes feel that they can't make an improper decision. It is like an imperfection.

    When approaching the institution usually a person "lower on the Totem Pole" sees the product first. If that person is impressed it is not because he has fallen for "Slick Willy's" salesmanship, or the companies marketing tactics, it is because the guy on the top tends to leave research to the little guy. This is the first contact point for any sale made to the institution.

    But, now enter in to the equation that someone higher up, usually the IT person, has made the decision to buy what is currently implemented, and his decision cannot be flawed. Hence the real problem.

    I agree totally with the author that the breaches are usually caused by outside sources coming on to the network. ALL outside importing means should be scanned without question. Let's say that a student created a simple book report on a home computer using Microsoft Word or WordPerfect. The home computer usually has an Anti-Virus program installed. The parents of the student don't have a lot of excess cash and will naturally gravitate to a solution that is free. The old saying is "You get what you pay for". We have been very fortunate to have no Virus problems with any home system, or business system, that Kaspersky is installed on. (Knock on wood)


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.