Best Practices for Internet Security In K-12 Schools Achieving the delicate balance between keeping students safe while

simultaneously introducing new and emerging technologies to meet student needs is a complex process. In this document we share resources and best practices for school districts. The Stephens Group LLC 1/19/2009

Best Practices for Internet Security
Jan. 19

Web 2.0 applications are really the rage now. With limited budgets, Web 2.0 applications can provide free access to online software and storage. They can also help make learning more interactive and meaningful for students. Yet at the same time school districts have concerns about student safety on the Internet and protecting their systems. In our consulting work a number of districts have requested best practices for Web 2.0 technologies. Below are some resources we put together to help. Taking a Layered Approach to Internet Safety A recent article in The Journal by Andy McDonough entitled More is More (2008, p. 10) advocates taking a multi-layered approach in which no one solution is more important than any of the others. A multilayered approach should include things such as: • • • • • Up to date policies that include uses of Web 2.0 applications Admin rights and computer passwords Safe email program with anti-spam filters Internet Content Filtering Ongoing Internet education for staff and students

Acceptable Use Policy (AUP) Districts need to create and enforce a clear and precise acceptable use policy. Student AUPs should be in kid friendly language. They should also be living documents that are updated regularly to include emerging technologies such as Web 2.0 tools. There also need to be procedures in place of what will happen if students and staff do not follow the acceptable use policy. A good resource for developing Acceptable Use Policies and issues administrators should be aware of is at http://www.ctap4.org/cybersafety/admin_resources.htm . This resource also includes tips for cyber-bullying which should also be included in the AUP. We also liked some of the language used in the Ashwaubenon (Wisconsin) School District Acceptable Use Policy. Below is a portion of their AUP policy. It is impossible to completely define unacceptable use, however, for the purpose of illustration, some examples are: • Sending or displaying offensive messages or pictures; • Using offensive or obscene language; • Harassing, insulting, threatening or attacking others, including racial or sexual slurs;

2

Best Practices for Internet Security
Jan. 19

• Damaging equipment or networks; • Violating copyright laws; • Using others’ passwords; • Trespassing in others’ folders, work or files; • Unauthorized access such as hacking; • Intentionally wasting resources; • Regularly employing the technology for commercial, political or religious purposes. Professional Development It is not enough to have a policy. “Holding a one-shot professional development workshop to familiarize staff with the district AUP is not sufficient. Policy reviews should be done on a regular basis and suggests posting the document on the district website” (McDonough, 2008, p. 9). Student Education Students need education on safe Internet Practices. Students need education. “This is not simply a one-time Internet safety class. There should be ongoing age-appropriate instruction from the time students are allowed online and continued throughout their education”(McDonough, 2008, p. 10). Different Levels of Access Schools need to determine different levels of access and policies for students as well as educators and administrators. Educators also need a procedure for getting educational content unblocked in a timely fashion. Two Way Communication between the IT Department and End Users The IT Department and end users need to work together and have processes in place for regular two-way communication on these complex issues. Security policies need to be transparent and shared with all stakeholders. A community of trust needs to be developed between both groups in which they see themselves as partners in providing educational content and safe-practices for students. End users need to be aware and follow best practices for security. There also needs to be regularly scheduled meetings between the IT staff and end users to give feedback on how district policies are working from the classroom perspective. The Consortium of School Networking (CoSN) Cybersecurity initiative has an online survey that can serve as a self assessment of where your district falls in terms of security available at http://www.securedistrict.org/assessment/checklist.cfm . They also have a very helpful checklist of questions your district should be able to answer at http://www.securedistrict.org/safewired/checklist.cfm . These would be great

3

Best Practices for Internet Security
Jan. 19

questions for your committee (made up of the IT Department and end users) to answer together. Standardization It is a best practice to standardize hardware and software in a district. Having fewer software applications or platforms, makes it easier and more efficient for technicians to support. In reality, projects that require students to utilize higher-order thinking skills, solve problems, and use technology as a communication tool do not require an abundance of software. As districts move ahead in integrating the Wisconsin Information Technology Standards and 21st Century skills into the curriculum, we predict that teachers will become less reliant on curricular software. We also predict a rise in subscription based software and the use of Web 2.0 tools such as blogs and wikis. Killer Collaboration Tools Three killer collaboration tools we believe every school district should allow students access to are student email accounts, blogs, and wikis. Student Email ePals is a free email program specifically created for k-12 students. It is sponsored by corporate sponsors such as the National Geographic Society and Intel. Ads never appear in student emails. ePals complies with the Children’s Online Privacy Protection Act, the Children’s Internet Protection Act and the Family Educational Rights and Privacy Act Standards. Educators can adjust protections and access settings according to the different needs and ages of students. Teachers can monitor all incoming and outgoing email, block or regulate attachments, limit correspondence to certain classrooms or students. Blogs One of the powerful things about blogs is that they allow students to write to an authentic audience. Blogs have been shown to improve writing. A report by the Pew Internet & American Life Project(Lenhart, Madden, & Hitlin, 2005), entitled Writing, Technology, and Teens reports that teen bloggers are far more prolific writers than their non-blogging counterparts. Teachers should moderate student blogs. If students are blogging on the Internet student anonymity should be used. Blogs can also be private and set up so that a log-in is necessary for reading and posting.

4

Best Practices for Internet Security
Jan. 19

Blogger and Wordpress are the nice free blogging applications. Wordpress also allows for download and installation on your local server. You can host your own blogs locally with this tool. ePals also has a nice blogging option specifically designed for K-12 schools. You can register and include your entire school or district. Wikis Wikis provide collaborative spaces for students to construct meaning together. Wikis can also be set up so that they are private for reading and posting. One of the nice features of wikis is that it has a history tab and you can see who has posted what content. Applications that have safe Internet Practices Within Them We are starting to see more applications that have Web 2.0 applications built into them. One example would be Moodle, a free course management system. Moodle allows users to participate in password protected discussion boards, have internal email accounts and even set up a class wiki. Adequate Bandwidth Another area in which school districts should be proactive in is making sure that they have enough bandwidth to support Internet use for teaching and learning. As Web 2.0 tools emerge and evolve they have powerful implications for education. However, if school systems don’t build infrastructures that have the capacity to deliver students need, they won’t be able to effectively use these tools with students. With declining budgets, we see more and more school districts not keeping up with bandwidth requirements for the 21st Century. A good resource for learning more about bandwidth in K-12 schools is the CoSN Broadband Knowledge Center at http://www.cosn.org/broadband/index.php?option=com_frontpage&Itemid=1 .

5

Best Practices for Internet Security
Jan. 19

References: Lenhart, A., Madden, M., & Hitlin, P. (2005). Teens and technology, Youth are leading the transition to a fully wired and mobile nation: Pew Internet & American Life Project. McDonough, A. (2008). More is more: No one solution can defend K-12 computer networks against the proliferation of digital threats. The Journal, October 2008, 8-11.

6

Sign up to vote on this title
UsefulNot useful