A New Year’s Resolution: Store Business Data Securely Offsite#Security
by Erin WerraRead time:
If you’re still hosting your data onsite, make a resolution to change that in 2023. Let Skyward and ISCorp do the heavy lifting for you and keep your data safer!
Rules and regulationsBefore we dive into storage options, let’s take a step back and talk about what kind of data the business office is responsible for.
Data stored in the business office is not student data, so FERPA isn’t a concern. However, most business office data is highly confidential, and some is regulated by labor and privacy laws including HIPAA.
School business office data may include:
- Applicant documentation (applications, resumes, job descriptions and interview notes)
- Employee information
- Payroll information
- Medical testing for employment
- Employee evaluations
- Disciplinary documentation
- Harassment claims and investigations
- Protected health information from insurance plans
Hopefully your record storage is not limited to paper. Odds are, though, some paper documents will need to hang around, and that’s okay. Here are some tips for storage of very old documents. Although most of these “dinosauric” record tips are limited to student records, which must be kept indefinitely, the oldest materials cannot be read by automated machines. They require manual search and organization. The technology to reproduce some of them can cost thousands of dollars!
Paper records can be scanned and retained, but keep in mind a few guidelines to stay compliant:
- Records must be accurate.
- Records must be entire and exact: For example, if notes are present in colored ink, the scanned copy must be in color.
- Records must be in an unalterable file format (PDF, image, etc.).
There are two main options when it comes to storing digital records.
1. On-site storage: If you choose to go this route and store your data at your district, you need to be sure your records are protected from both physical and digital threats. When it comes to physical safety, natural disaster prep will depend on your region. Another thing worth considering is the location of your data center. Some places are more secure than others, both from human interference and the elements. (Hint: your best bet is not the basement!)
As for digital safety, the first line of defense against attacks is ensuring your team is well versed in the myriad of methods hackers use to break through human firewalls. Phishing is one of the most common ways hackers can breach your network and snatch your data. Unfortunately, a multitude of opportunities to be phished fill inboxes every day. Practicing the skills to spot a fake link in an unexpected, but urgently worded email from someone pretending to be a supervisor might just save your district millions in data ransom.
2. Cloud storage: The second option is to store your data offsite on a virtual server, commonly referred to as cloud storage. This super-secure option takes stress and responsibility off your shoulders, boosts security, and makes disaster recovery easier. If you choose to host with Skyward’s trusted partner, ISCorp, your district’s data will be securely backed up at the ISCorp data center. The ISCorp team will do all the updates and legwork for you. In the unfortunate scenario where your system goes down (whether it be from a natural disaster or a ransomware attack), ISCorp guarantees they'll have your data live within 24 hours of notification. Pretty cool, huh?
Check out this story about a Skyward district in Illinois that survived a ransomware attack thanks to their partnership with ISCorp.
What your business office can do to stay up to dateIt can be hard work keeping up with changing requirements and evolving technology! Here are a couple ways to make things easier.
Follow your local, state, and federal regulations: Each state offers guidance on recordkeeping, but these guidelines can change from year to year. Fortunately, Skyward’s state and federal compliance team has you covered. Keep in touch with our team—their job is to make it easier for you to remain compliant!
Build your network: Another way to stay up to speed on changing guidelines is by expanding your network. Many minds fixed on compliance are much more effective than one or two! Connect with neighboring district business offices and people you meet at edtech conferences. Or consider joining a regional, nationwide, or international organization (such as ASBO, the international Association of School Business Officials). These connections will make it much easier to stay on track.
If you’re a Qmlativ user, be sure to sign up for the Skyward Community: Here you can connect with other Skyward business office personnel and share tips and tricks for remaining compliant.
The data stored in your school business office is irreplaceable and precious. As much as we hope we’ll never have to fall back on data recovery plans, it’s best to prepare for the worst ahead of time. Make that your resolution this year!
Follow-up resources: Data securityRetaining records is important, but unprotected data is a sitting duck. Check out these articles for tips:
The Cost of Proactive vs. Reactive Data Security
Using Multifactor Authentication
Use Task-Based Permission to Tighten Edtech Security
Beware These 5 Threats During COVID-19