Best Practices For Internet Security In K-12 Schools

Best Practices for Internet Security In K-12 Schools Achieving the delicate balance between keeping students safe while simultaneously introducing new and emerging technologies to meet student needs is a complex process. In this document we share resources and best practices for school districts. The Stephens Group LLC 1/19/2009

Best Practices for Internet Security Jan. 19

Web 2.0 applications are really the rage now. With limited budgets, Web 2.0 applications can provide free access to online software and storage. They can also help make learning more interactive and meaningful for students. Yet at the same time school districts have concerns about protecting student safety on the Internet and protecting their systems. In our consulting work a number of districts have asked for advice on what the best practices for Web 2.0 technologies are. Below are some resources we put together to help.

Taking a Layered Approach to Internet Safety A recent article in The Journal by Andy McDonough entitled More is More (2008, p. 10) advocates taking a multi-layered approach in which no one solution is more important than any of the others. A multilayered approach should include things such as: • • • • •

Up to date policies that include uses of Web 2.0 applications Admin rights and computer passwords Safe email program with anti-spam filters Internet Content Filtering Ongoing Internet education for staff and students

Acceptable Use Policy (AUP) Districts need to create and enforce a clear and precise acceptable use policy. Student AUPs should be in kid friendly language. They should also be living documents that are updated regularly to include emerging technologies such as Web 2.0 tools. There also need to be procedures in place of what will happen if students and staff do not follow the acceptable use policy. A good resource for developing Acceptable Use Policies and issues administrators should be aware of is at http://www.ctap4.org/cybersafety/admin_resources.htm .

I also liked some of the language used in the Ashwaubenon School District Acceptable Use Policy.

It is impossible to completely define unacceptable use, however, for the purpose of illustration, some examples are: • Sending or displaying offensive messages or pictures; • Using offensive or obscene language; • Harassing, insulting, threatening or attacking others, including racial or sexual slurs; • Damaging equipment or networks; • Violating copyright laws; • Using others’ passwords; • Trespassing in others’ folders, work or files;

2

Best Practices for Internet Security Jan. 19

• Unauthorized access such as hacking; • Intentionally wasting resources; • Regularly employing the technology for commercial, political or religious purposes.

Professional Development It is not enough to have a policy. “Holding a one-shot professional development workshop to familiarize staff with the district AUP is not sufficient. Policy reviews should be done on a regular basis and suggests posting the document on the district website” (McDonough, 2008, p. 9).

Student Education Students need education on safe Internet Practices. Students need education. “This is not simply a one-time Internet safety class. There should be ongoing age-appropriate instruction from the time students are allowed online and continued throughout their education”(McDonough, 2008, p. 10).

Different Levels of Access Schools need to determine different levels of access and policies for students as well as educators and administrators. Educators also need a procedure for getting educational content unblocked in a timely fashion.

Two Way Communication between the IT Department and End Users The IT Department and end users need to work together and have processes in place for regular two-way communication on these complex issues. Security policies need to be transparent and shared with all stakeholders and a community of trust needs to be developed between both groups in which they see themselves as partners in providing educational content and safepractices for students. End users need to be aware and follow best practices for security. There also need to be regularly scheduled meetings between the IT staff and end users to give feedback on how district policies are working from the classroom perspective. The Consortium of School Networking (CoSN) Cybersecurity initiative has a online survey that can serve as a self assessment of where your district falls in terms of security available at http://www.securedistrict.org/assessment/checklist.cfm . They also have a very helpful checklist of questions your district should be able to answer at http://www.securedistrict.org/safewired/checklist.cfm . These would be great questions for your committee made up of the IT Department and end users to answer together.

Standardization It is a best practice to standardize hardware and software in a district. Having fewer software applications or platforms, makes it easier and more efficient for technicians to support. In reality, projects that require students to utilize higher-order thinking skills, solve problems, and use technology as a communication tool do not require an abundance of software to do this.

3

Best Practices for Internet Security Jan. 19

As districts move ahead in integrating the Wisconsin Information Technology Standards and 21st Century skills into the curriculum, we predict that teachers will become less reliant on curricular software. We also predict a rise in subscription based software and the use of Web 2.0 tools such as blogs and wikis.

Killer Collaboration Tools Three killer collaboration tools that we feel every school district should allow students to have access to include student email accounts, blogs, and wikis.

Student Email ePals is a free email program specifically created for k-12 students. They are sponsored by corporate sponsors such as the National Geographic Society and Intel. Ads never appear in student emails. ePals complies with the Children’s Online Privacy Protection Act, the Children’s Internet Protection Act and the Family Educational Rights and Privacy Act Standards. Educators can adjust protections and access settings according to the different needs and ages of students. Teachers can monitor all incoming and outgoing email, block or regulate attachments, limit correspondence to certain classrooms or students.

Blogs One of the powerful things about blogs is it allows students to write to an authentic audience. Blogs have been shown to improve writing. A report by the Pew Internet & American Life Project(Lenhart, Madden, & Hitlin, 2005), entitled Writing, Technology, and Teens reports that teen bloggers are far more prolific writers than their non-blogging counterparts. Teachers should moderate student blogs. If students are blogging on the Internet student anonymity should be used. Blogs can also be private and set up so that a log-in is necessary for reading and posting. Blogger and Wordpress are the nice blogging applications. Wordpress also allows for download and installation on your local server. You can host your own blogs locally with this tool. ePals also has a nice blogging option specifically designed for K-12 schools. You can register and include your entire school or district.

Wikis Wikis provide collaborative spaces for students to construct meaning together. Wikis can also be set up so that they are private for reading and posting. One of the nice features of wikis is that it has a history tab and you can see who has posted what content.

Applications that have safe Internet Practices Within Them We are starting to see more applications that have Web 2.0 applications built into them. One example would be Moodle, a free course management system. Moodle allows users to participate in password protected discussion boards, have internal email accounts and you can even set up a class wiki.

4

Best Practices for Internet Security Jan. 19

Adequate Bandwidth Another area school districts should be proactive in is making sure that they have enough bandwidth to support Internet use for teaching and learning. As Web 2.0 tools emerge and evolve they have powerful implications for education. However, if we don’t build infrastructures that have the capacity to deliver what we need, we won’t be able to effectively use these tools with students. With declining budgets, I see more and more school districts that are not keeping up with where they need to be bandwidth-wise for the 21st Century. A good resource for learning more about bandwidth in K-12 schools is the CoSN Broadband Knowledge Center at http://www.cosn.org/broadband/index.php?option=com_frontpage&Itemid=1 .

References: Lenhart, A., Madden, M., & Hitlin, P. (2005). Teens and technology, Youth are leading the transition to a fully wired and mobile nation: Pew Internet & American Life Project. McDonough, A. (2008). More is more: No one solution can defend K-12 computer networks against the proliferation of digital threats. The Journal, October 2008, 8-11.

5