Galloway's K-12 cybersecurity initiative, 2 years later | St. Louis Public Radio

Galloway's K-12 cybersecurity initiative, 2 years later

Sep 22, 2017

A cybersecurity initiative launched two years ago to protect public schools in Missouri from hackers is getting good marks from educators. 

It was launched in September 2015 by State Auditor Nicole Galloway and has become a permanent part of the auditor's office's practices.

Local education officials for the most part say it's working, though attempts to hack into school records appear to be on the rise. C.J. Huff is an advisor for the Missouri Center for Education Safety, which is part of the state school board association. He says one thing they’re working on is limiting the number of employees that can access private information.

"You know, who has access to particular information that could be sensitive, and what's the protocol for being able to access that information so it's just not open to everybody, but having some checks and balances," Huff said.

Galloway concurs, stating that many of the challenges they face center on personal responsibility and common sense.

"Folks that no longer work with the school district still have passwords and access to the system," she said. "For instance, if you get an email that's not familiar to you (and) you don't know the sender, don't open the attachment -- don't open any questionable links and emails."

Mo. Auditor Nicole Galloway.
Credit Marshall Griffin|St. Louis Public Radio

Galloway added that training materials on the appropriate use of technology are sometimes not provided to faculty and staff.

"So much of this just comes down to training faculty and staff that have access to the systems themselves," she said. "That type of training goes a long way."

The concerns are similar to ones detailed in an audit released last year of five public school districts, including Orchard Farm in St. Charles County. District spokeswoman April Bryant said they've since hired a security administrator to handle cybersecurity.

"You never really know who is on the other side of any type of cyber attack, and I think that you really have to be on guard," Bryant said. "A cyber criminal is just somebody that you can pick out of the crowd, so that's why it's important to have these measures in place; we have more than 2,000 students (and) that's a whole lot of data."

In addition, Galloway wants lawmakers to pass legislation next year that would require school districts to notify parents if a data breach occurs at their child’s school.

"As a parent with kids in public schools, I would just assume that the school would tell me, 'hey, your child's Social Security number has been stolen,' but that is not the case," Galloway said.

A bill that would have required that type of notification fell short of passage during the regular legislative session earlier this year.

Follow Marshall Griffin on Twitter: @MarshallGReport