PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, examines the steps that students – from high school to graduate studies – should take when it comes to protecting their own personal data while, at the same time, being aware of the free resources that are available to help you stay protected.  

By David Dungan

In our society, educational institutions such as preschools, primary schools, secondary schools, colleges, and universities have the primary responsibility to educate students and help prepare them for a life outside of the classroom.

At the same time, in gaining an education, students need to equip themselves with the skills necessary for protecting their own personally identifiable information (PII). This is especially true when you consider:

• Just last month, iClicker fake pop-ups were used to install malware onto students’ devices;
• Pearson, a leading education company that works with schools, universities, and individuals in over 70 countries, experienced a cyberattack that led to a threat actor gaining access to a portion of their system and exposing some customer information.
• Numerous Indiana schools were among the millions of students and educators globally, who were impacted as the result of a cyberattack related to a PowerSchool data breach that occurred late last year.

Fortunately, there are several key steps and a wealth of free resources that students, as well as their families, are encouraged to follow and access as a way to protect their PII

First and foremost, it’s essential to know and understand your rights under the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA), which highlights the rights of parents and families.

In understanding these requirements, schools eligible for government funding are not allowed to disclose student PII, such as social security numbers, birthdays, and any combinations of information that can be traced to an individual, or to third parties without consent. However, there are some exceptions. Parents and students 18 years and older can request the removal or amendment of files. Likewise, these same schools must also have parental consent or the consent of students above 18 to opt out of surveys, physical examinations (again, with some exceptions), and PII collected for marketing or sales. Furthermore, students can report violations of FERPA and PPRA to the Student Privacy Policy Office (SPPO).

As you continue with your education, it’s a good idea to think critically about the tools, programs, and systems you use, including:

• Contacting your school: If you hear about a potential breach, the first step is to directly contact your school to confirm if your data was affected.
• Looking for direct notification: Schools are legally obligated by state laws to notify affected individuals if their PII has been compromised. These notifications must be direct and timely.
• Searching data breach databases: Use trusted, non-profit resources like the Privacy Rights Clearinghouse and the K12 Security Information Exchange (K12 SIX), for some of the latest information about cybersecurity incidents that are impacting educational institutions.
• Monitoring financial and online accounts: After any potential breach, monitor your credit reports and all financial, email, and social media accounts for unusual activity.

Additionally, there’s a benefit to finding options that limit access to your information and consider companies with cybersafe practices.

• If you don't know which companies use safe cybersecurity practices and which do not, consider doing some research on the company or seeing if they are on a list such as the Security Scorecard public ranking. This listing ranks companies in order based on how secure they are.
• Be sure, too, to look at haveibeenpwned.com. This website takes your email address and searches known cyberattacks to see if your email has been leaked in a data breach. If you find out your information has been compromised, you should change your passwords and lock your credit card if it was attached to the account that was leaked.

Whether you’re still in high school, attending college, or you’re out there working a full-time job as part of a co-op or an apprenticeship, the potential is there for you to have many different experiences. And along the way, you’ll no doubt find yourself in situations that involve sharing – in some form – personal information that is uniquely yours.

As part of that journey, taking into account your digital safety will help in creating an outcome that’s more secure and, best of all, is in your own hands.