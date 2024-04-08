



This post about data protection was originally published on CoSN's blog and is reposted here with permission.

Key Point:

Protecting our privacy and security is difficult. It's really challenging. It can also be inconvenient, time-consuming, and frustrating. Did you forget your password? Well, the reset takes time. You will now need to enter a code to verify your identity. Or do you need to complete a CAPTCHA? Why is everything so difficult?

All these additional steps are necessary because bad actors never give up access to your data. The networks we use for work are attacked every day. The same goes for the web services we use both at work and at home. Attackers are relentless in their desire to get phishing emails through, exploit vulnerabilities, and overwhelm networks with denial-of-service attacks. Sometimes it feels like a losing battle, but it doesn't have to be.

We can work together to build a culture of leadership, data privacy, security protocols, and trust in each other, starting with a shared commitment to protecting personal data.

The reason

First, everyone needs to understand why. Why is it so important to protect personal data? The answer starts as business and then becomes personal. Give members of your school community a personal understanding of what's at stake, whether it's identity theft, financial loss, or even physical threats to students or staff.

how to do that

Here's how. How can your staff play their part in protecting personal data, both personally and professionally? Make sure your staff understands their roles and responsibilities related to data privacy and security policies This is a necessary step. It is not enough to have a policy in place. Everyone should also know how to follow it. Training that includes data privacy and security best practices that can be applied at work and home is essential and is one of the best ways to proactively protect the personal information entrusted to us by our customers.

social engineering

It remains important to educate community members about social engineering. Phishing campaigns have been active since his beginning in the mid-90s. It's hard to believe that we've been affected by these campaigns for as long as email has existed, but the fact remains that social engineering is still at work. Most data breaches begin with human error, leading to privilege escalation and compromised credentials. Bad actors take advantage of what makes us human and incorporate elements of urgency, reward, and punishment into their campaigns against us.

By sharing your why with your staff, you can foster a culture of trust that facilitates smooth adoption of data privacy protections that require additional steps such as multi-factor authentication. At the end of the day, we (humans) care about our community and each other.

Laura Pollak, CoSN Student Data Privacy Committee

Laura Pollak is a supervisor at NASTECH & DPSS (NY) and a member of CoSN's Student Data Privacy Committee.

