Your Child’s Information is Being Leaked

Slide Note
Embed
Share

Your Child's Information is Being Leaked. Protect your kids by demanding better data security from the schools. Learn the facts about data security and how to safeguard your child's sensitive information.


Uploaded on Dec 21, 2023 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Your Childs Information is Being Leaked Protect your kids by demanding better from the Schools

  2. THE FACTS ABOUT DATA SECURITY In the first 9 Months of 2021 data from over 1,200 K-12 schools was published online. This Most district s cyber insurance pay for free A child s Social Security number can be sold for includes students' sensitive and identifying Criminal hackers willing to pay for this School boards fail to see cybersecurity investment Government regulations focus on $25 to $35 on the dark web, and the data from the information, from name and date of birth to credit monitoring for staff, but parents are left to 42% of education cybersecurity professionals said they take longer to respond to and stop holiday and weekend incidents Average is less than 8% of their IT budgets budget dollars to beef up IT resources. protecting against outside cyber threats than $10,000. even whether or not they're an immigrant, homeless, or economically challenged. 18% of schools impacted said they use less than 1% of their IT budgets for cybersecurity, Ransomware students at just one school can be worth more social security numbers, health records, and cards or loans in the student s name. 2020 1,196,000 students records impacted by as risk mitigation and do not prioritize allocating schools invading students privacy, not exposed data then use it to try and open credit be their kid s data security and privacy experts. Loop Started

  3. THE FACTS ABOUT DATA SECURITY In the first 9 Months of 2021 data from over 1,200 K-12 schools was published online. This Most district s cyber insurance pay for free A child s Social Security number can be sold for includes students' sensitive and identifying Criminal hackers willing to pay for this School boards fail to see cybersecurity investment Government regulations focus on $25 to $35 on the dark web, and the data from the information, from name and date of birth to credit monitoring for staff, but parents are left to 42% of education cybersecurity professionals said they take longer to respond to and stop holiday and weekend incidents Average is less than 8% of their IT budgets budget dollars to beef up IT resources. protecting against outside cyber threats than $10,000. even whether or not they're an immigrant, homeless, or economically challenged. 18% of schools impacted said they use less than 1% of their IT budgets for cybersecurity, Ransomware students at just one school can be worth more social security numbers, health records, and cards or loans in the student s name. 2020 1,196,000 students records impacted by as risk mitigation and do not prioritize allocating schools invading students privacy, not exposed data then use it to try and open credit be their kid s data security and privacy experts. Restart Loop

  4. Your Childs Information is Being Leaked Protect your kids by demanding better from the Schools

  5. IMPORTANT WEBSITES FOR PARENTS National Sex Offenders Registry - https://www.nsopw.gov Check for Data on Dark Web - https://haveibeenpwned.com/ ID Theft Check Identity Guard - https://scan.identityguard.com/full Common Sense Media: Age-Based Media Reviews for Families | Common Sense Media - https://www.commonsensemedia.org/ Common Sense Privacy Program - https://privacy.commonsense.org/ Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm | U.S. GAO

  6. Explaining the GEEK Terminology IP Address Everyone accessing the Internet has a unique number based on their location. Geolocation or Geofencing Finding people close to your location or using your location to impact the application or game. (Feet or Miles) GPS Coordinates Provides your exact location within feet Dark Web - Part of the internet that is intentionally hidden. It cannot be reached with regular search engines or browsers, and instead requires the use of specialized software. Zero Trust (Closed Architecture) Trust no user, application, or device. Allow only after continuous verification, authorization, and encryption. Least Privilege access to data. Multi-Factor Authentication (MFA) Two forms of identification needed. Something you know (Password), something you have (Phone/ID), something you are (fingerprint).

  7. WHAT TYPES OF DATA DO SCHOOLS HOLD? Guess the Data Health Records Parents/Child SSN Child s Name Parents Financials Government AID Child s Contact Info Family Child s School Info History/Court Docs

  8. GOVERNMENT REGULATIONS HIPPA-Federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed. PCI-Set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. NIST -National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.

  9. GOVERNMENT REGULATIONS FERPA-A federal law enacted in 1974 that guarantees that parents have access to their child s education record and restricts who can access and use student information. FERPA gives parents specific rights to their child s education records. COPPA-Controls what information is collected from young children by companies operating websites, games, and mobile applications. COPPA requires that companies post a clear privacy policy on their site, and provide direct notice to parents, and obtain parental consent, before collecting information from children under 13. COPPA also provides Teachers and other school officials the authority to provide consent on behalf of parents and can approve your child s use of an educational program. Pupil Rights Amendment (PPRA) -Outlines the information students might be asked as part of federally funded surveys or evaluations. For example, surveys might be used to better understand the effects on students of drug and alcohol use, or sexual conduct. They might also seek to understand the impact on students with family backgrounds that include violence, or variations in home life such as family makeup or income levels. PPRA also provides parents with opt-out rights Directory Information-Schools are allowed to publicly share what is called Directory Information such as a student s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. It might also include email address, a photo, grade level, and participation in sports or other activities. parents wishing to opt-out must clearly request so in writing, within the stated timeframe, that their child s information may not be released to third parties.

  10. GOVERNMENT REGULATIONS FERPA -A federal law enacted in 1974 that guarantees that parents have access to their child s education record and restricts who can access and use student information. FERPA gives parents specific rights to their child s education records. Last Major updated was in June of 2002 COPPA-Controls what information is collected from young children by companies operating websites, games, and mobile applications. COPPA requires that companies post a clear privacy policy on their site, and provide direct notice to parents, and obtain parental consent, before collecting information from children under 13. COPPA also provides Teachers and other school officials the authority to provide consent on behalf of parents and can approve your child s use of an educational program. Last Major updated was in June of 2013 Pupil Rights Amendment (PPRA) -Outlines the information students might be asked as part of federally funded surveys or evaluations. For example, surveys might be used to better understand the effects on students of drug and alcohol use, or sexual conduct. They might also seek to understand the impact on students with family backgrounds that include violence, or variations in home life such as family makeup or income levels. PPRA also provides parents with opt-out rights Last Major updated was in June of 2022 Directory Information -Schools are allowed to publicly share what is called Directory Information such as a student s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. It might also include email address, a photo, grade level, and participation in sports or other activities. parents wishing to opt-out must clearly request so in writing, within the stated timeframe, that their child s information may not be released to third parties. Last Major updated was in June of 2021

  11. GOVERNMENT REGULATIONS FERPA -A federal law enacted in 1974 that guarantees that parents have access to their child s education record and restricts who can access and use student information. FERPA gives parents specific rights to their child s education records. Last Major updated was in June of 2002 COPPA-Controls what information is collected from young children by companies operating websites, games, and mobile applications. COPPA requires that companies post a clear privacy policy on their site, and provide direct notice to parents, and obtain parental consent, before collecting information from children under 13. COPPA also provides Teachers and other school officials the authority to provide consent on behalf of parents and can approve your child s use of an educational program. Last Major updated was in June of 2013 Pupil Rights Amendment (PPRA) -Outlines the information students might be asked as part of federally funded surveys or evaluations. For example, surveys might be used to better understand the effects on students of drug and alcohol use, or sexual conduct. They might also seek to understand the impact on students with family backgrounds that include violence, or variations in home life such as family makeup or income levels. PPRA also provides parents with opt-out rights Last Major updated was in June of 2022 Directory Information -Schools are allowed to publicly share what is called Directory Information such as a student s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. It might also include email address, a photo, grade level, and participation in sports or other activities. parents wishing to opt-out must clearly request so in writing, within the stated timeframe, that their child s information may not be released to third parties. Last Major updated was in June of 2021

  12. What the Missouri Association of School Business Officials Is Saying About Security Shared Article Stating: School boards fail to see cybersecurity investment as risk mitigation and do not prioritize allocating budget dollars to beef up IT resources. Shared Article Stating: With less funding, less-than-mature cybersecurity defenses and limited (or even nonexistent) controls over an abundance of sensitive data, educational institutions are prime targets for cybercriminals. Shared Article Stating: School boards don t tend to allocate funding to these security risks. Cybersecurity isn t at the top of most school agendas. Shared Article Stating: District policies should require things like end-user cybersecurity education and awareness, the use of strong passwords and mandates for regular anti-virus scanning. Technology is the third leg of the approach. It should be used to automate certain things like password length and reset periods, as well as keeping software and systems up to date to eliminate vulnerabilities in district computers, tablets, network devices and even learning management tools.

  13. What the Cybersecurity Community Is Saying: NBC ACTION REPORT: Biden administration has made stopping these extremely disruptive attacks a national-security priority, guidance for schools is not yet the focus. Data on the severity of such breaches is also limited as schools are currently not required to report when data breaches occur. Malwarebytes: Parts of the Dark Web "awash" with school children's personal data. Malwarebytes: School cybersecurity is increasingly important, and parent-pressure makes a difference. The MarkUP Watch Group: Over the past six years, a little-known private equity firm, Vista Equity Partners, has built an educational software empire that wields unseen influence over the educational journeys of tens of millions of children. Threat Report: Schools remain a top target for Cyber Attacks. Schools are target rich, resource poor, and lack discipline to adhere to industry best practices. Schools present lucrative sources of personal data that can be used by threat actors, but lack the necessary expertise, modern technology (Password best practices, Application discipline, Zero Trust framework) and funding to protect themselves against increasingly sophisticated threat actors.

  14. WHAT ARE THE DISTRICTS DOING TODAY St. Charles School District Technology Usage Policy Revised 2018 (5 yrs) The Board directs the superintendent or designee to assign trained personnel Content Filtering Online Safety, Security and Confidentiality No Warranty/No Endorsement Parent -Student Handbook and code of Conduct 2022-2023 Internet Usage FERPA COPPA -List of Applications Approved Web-Based Technology List Last updated 2018 (5 yrs) Directory Information Release Name, Photo, Age, Attendance, grade, enrollment, activities/sports, weight/Height for athletics, Honors and Awards Your signature on this Student Handbook and Code of Conduct constitutes your consent for the District to provide limited personal identifying information for your child . District Technology Plan Not updated since 2019 (4 yrs) Tech Committee members listed Only 3 IT out of 30 No Community/Parents Plans Form a student technology committee to solicit input on technology usage in the district.

  15. WHAT ARE THE DISTRICTS DOING TODAY Wentzville COPPA Page USERNAME AND PASSWORD FORMULA The Wentzville School District utilizes a variety of tools to verify privacy policies including CommonSenseMedia Privacy ProgramandStudent Privacy Pledge. Not being followed List of Approved Applications Not Complete Directory Information Release Two Versions revised 2018 (5 yrs) On website What Parents Sign Technology Team No Security Specialist listed 1:1 Access Initiative Not updated since 2018 (5 yrs) Data Governance Policy 5710 Not Being Followed Not updated since 2017 (6 yrs) Only 1 IT professional present RUP Responsible Use Policy Not updated since 2017 (6 yrs)

  16. Directory Information Notice Warnings About this policy: The Wentzville School District may disclose appropriately designated Directory Information without written consent, unless you have advised the District to the contrary in accordance with District procedures. Both Policies offer No difference between in-school activities (yearbook, drama), Outside Organizations, and media releases (social media, news) Allowed to release the following Directory Information (not considered harmful or invasion of privacy): name, grade, address, activities & sports, telephone, photograph, weight & height, date and place of birth, dates of attendance, degrees, honors & awards WSD School does not honor If you do not want the Wentzville School District to disclose directory information from your child s educational records without your prior written consent, you must notify the District in writing within five (5) days after the first day of the school year, or up enrollment. WSD Parents Ask: Allow us to Opt-out of media releases and Outside Organizations, without impacting yearbook and school activities. WSD Parents Ask: FOIA request showed information still be released without consent. Schools Response: (summary of lengthy legal email) The third-party providers are providing institutional services or functions for which the District would otherwise be using its own employees. These providers are under the control of the District with respect to the use and maintenance of this data. These providers school officials under FERPA and authorizes the District to disclose this information to them. Superintendents Response: There was concern about modifying the Directory Information permissions due to the size of the District and our ability to adhere to different levels of permissions selected by parents.

  17. WSD Responsible Use Policy (RUP) Top 6 issues with the RUP the school is forcing on the parents: I.A - Do not share passwords with other or use passwords not belonging to you III-These instructional supports (applications, services, vendors) are vetted through the Technology and Curriculum departments to ensure compatibility with the goals of the WSD. List of approved applications can be found on the technology page. School Approved Software List V WSD will not be responsible for any damages you may suffer. Use at your own risk. V WSD nor its operators may be held liable for any damages arising using their technology VII - Personal blogs should have clear disclaimers that the view expressed by the author in the blog is the author s alone and do not represent the views of the district. Remember to protect one s name, identity and reputation Signing Page I agree to release and indemnify the Wentzville R-IV School District and all other organizations related to the Wentzville R-IV School District s technology resources from any liability or damages that may result from any use of the Districts technology resources. Link to Full Agreement with Comments Link to Signing Page with Comments

  18. 1:1 Access Initiative Top 6 items with the 1:1 Access Initiative the school is not following: 7.2 & 11.1 - Never reveal identifying information in your screen name, profile or conversations to people one does not know. Information such as name, address, phone number, school name, etc should not be openly shared. Do not reveal full name, phone number, home address, social security number, credit card numbers, and passwords to others. 3.1,8.3, 12 -Chromebook (or Mobile Hotspot, if applicable)s must never be left in an unattended vehicle or any unsupervised area which include the school grounds and campus, the cafeteria, computer lab, commons, library, hallways, unlocked classrooms, and dressing rooms 4.1 & 12 Contradicts each other. share with another student OR should be used only by those individuals it is assigned. 8.2 -When students are not using their assigned Chromebook (or Mobile Hotspot, if applicable), they should store them in their locked locker. 9.1 - It does not warrant damage caused by misuse, theft, fires, abuse, accidents or computer viruses. 12 -Student should not share any of their passwords or login information, or allow anyone access to a program, system, or database under their login. Link to Full Agreement with Comments Link to Signing Page with Comments

  19. WSD Data Governance Policy (5710) Top 6 items with the regulation the school is not following: This Committee will be responsible for an annual review of all data governance policies and procedures. Annually, and as requested by the Superintendent, a thorough risk analysis of the District s data networks, systems, policies and procedures will be conducted. Data is classified according to the most sensitive detail which they include. Access Control Access shall be granted on a need to know basis and shall be authorized by the superintendent, principal, immediate supervisor, or Data Governance Committee with the assistance of the Technology Director and/or Data Security Officer. Downloading, uploading or transferring PII, Confidential Information, and Internal Information between systems shall be strictly controlled. Requests for mass download of, or individual requests for, information for research or any other purposes that include PII shall be in accordance with this policy and be approved by the Data Governance Committee Hardware, software, services and/or procedural mechanisms that record and examine activity in information systems that contain or use PII are reviewed by the Data Governance Committee annually. Further, the committee also regularly reviews records of information system activity, such as audit logs, access reports, and security incident tracking reports. Link to Full Agreement

  20. REAL EXAMPLES OF DATA LEAVING SCHOOLS

  21. High Risk Policies Child Usernames -Full Legal First and Last Name (WSD adds GRAD Year) Child EMAIL - Full Legal First and Last Name (WSD adds GRAD Year) Simple or known Passwords and not forced to change WSD and St. Charles has its formula posted on website WSD students must jump through hoops to change password No Multi-Factor Display Names are legal names and can not be changed WSD EMAILS NOT REQUIRED TO BE ENCRYPTED

  22. High Risk Applications (Short Example List) E-Hallpass E-HallpassInformation and BOE Presentation e-hallpass -Privacy Evaluation (commonsense.org)(Scored a 50%) Raptor MO_NDPA_V1_Raptor_1.pdf (a4l.org) Student Daily Attendance, Student Birthday, Gender, School name, Grade Level, Homeroom, Parents Email, Parents Phone, Parent ID Number (Creates link to child record), Parent Full Name, Student Scheduled Courses, Teacher Names, Medical Alerts/Health data, Student Address, Student ID, Student Number, Student full name Illuminate Not on approved school IT page LARGE Nationwide Breach -Illuminate Data Breach Impacts More School Districts Student Daily Attendance, Student Birthday, Gender, School name, Grade Level, Homeroom, Parents Email, Parents Phone, Parent ID Number (Creates link to child record), Parent Full Name, Student Scheduled Courses, Teacher Names, Medical Alerts/Health data, Student Address, Student ID, Student Number, Student full name LOOM Not on approved school IT Page Used by teachers and Administrators Allows for fake or anonymous accounts to chat with students. AP 2021 Open House Video (loom.com) (Santa Clause posted on this video) WSD Back to School Video (Uses anonymous and fake names for posting) Brainly, WeVideo, JamBoard Some approved but all allow for public viewing, public commenting, and show restricted student information

  23. High Risk Applications (Short Example List) E-Hallpass E-HallpassInformation and BOE Presentation e-hallpass -Privacy Evaluation (commonsense.org)(Scored a 50%) Raptor MO_NDPA_V1_Raptor_1.pdf (a4l.org) Student Daily Attendance, Student Birthday, Gender, School name, Grade Level, Homeroom, Parents Email, Parents Phone, Parent ID Number (Creates link to child record), Parent Full Name, Student Scheduled Courses, Teacher Names, Medical Alerts/Health data, Student Address, Student ID, Student Number, Student full name Illuminate Not on approved school IT page LARGE Nationwide Breach -Illuminate Data Breach Impacts More School Districts Student Daily Attendance, Student Birthday, Gender, School name, Grade Level, Homeroom, Parents Email, Parents Phone, Parent ID Number (Creates link to child record), Parent Full Name, Student Scheduled Courses, Teacher Names, Medical Alerts/Health data, Student Address, Student ID, Student Number, Student full name LOOM Not on approved school IT Page Used by teachers and Administrators Allows for fake or anonymous accounts to chat with students. AP 2021 Open House Video (loom.com) (Santa Clause posted on this video) WSD Back to School Video (Uses anonymous and fake names for posting) Brainly, WeVideo, JamBoard Some approved but all allow for public viewing, public commenting, and show restricted student information

  24. NWEA(Northwest Evaluation Association) ASSESSMENT CONTRACT Collects and may share with 3rdParties - NWEA Privacy & Security For PII First, Last, and Middle Name; Date of Birth; Student Identification Number; Personal Characteristics (which may, but does not always, include race, grade, ethnicity, gender, nationality, and language); Economically Disadvantaged Status; English Language Learner or Migrant Status; Homeless Status; Disability, Accessibility, or Accommodation Status; EmailAddress, Name of School and Date of Enrollment; Telephone Number; Assigned Courses and Instructors; geographic location data, logs and other communication data, and the resources that Users access and use on or through the Assessment System; device, mobile device, and network or Internet connection; including the device's unique device identifier, IP address, operating system, browser type, geographic location, and mobile network information; Assessment scores; Assessment responses and response times; Item responses and response times; Growth and norming information; and Assessment interaction behavior such as completed, paused, suspended, or terminated tests. https://www.nwea.org/news-center/press-releases/nwea-awarded-4-5-million-to- support-expansion-of-college-and-career-ready-standards-aligned-content-for-map- growth/ https://www.gatesfoundation.org/about/committed-grants/2018/11/opp1202433 https://www.nwea.org/blog/2021/before-the-national-outrage-why-young-kids-need- to-be-taught-about-racism/ https://www.nwea.org/our-mission/educators-for-equity/

  25. WSD IMPACTED Data Leaks or Breaches What is a Leak or Breaches: Unauthorized access to private, sensitive, or confidential personal and financial data of the customers or users. A Leak comes from within the business to outside. A Breach comes from outside the organization inward. Data Leaks or Breaches impacting WSD? Leak-Aug 28th 2020 -Padlet 30 Students Students Names, Photos, Family Details, and Interests posted on a public website Leak September 9th2020 - Padlet 80 Students+ Students Names, Photos, Family Details, and Interests posted on a public website Breach Notified School 2021 CANVA -681 Students and Staff District Wide Breach February 14th, 2019, May 19th, 2019, September 3th , 2019 School Response This was not a breach of the Wentzville School District's system Leak October 4th, 2021 -Lunch System All Students Username and Passwords verbally told to administration and recorded on paper in site of students Leak December 8th, 2020 Library System All Students Usernames and Passwords sent out in emails Breach August 8th, 2020 Brainly Unknow Adult males on applications chatting with female students School Response: If inappropriate comments have been made to an account, you have two options to report this to the company.

  26. What Can Parents Do? You are still the parent. You can say NO Join the SCCITT (IT Parent Oversight Committee) Read the Privacy Policies looking for key terms IT S GAME TIME

  27. Key Terms To Watch For In Privacy Policies? Key terms In Privacy Policies 3rd Party Access Purpose of Software DATA Collected Notification Policy GPS or Tracking DATA Security Can you Control your data Age for Use

  28. What Can Parents Do? You are still the parent. You can say NO Join the SCCITT (IT Parent Oversight Committee) Read the Privacy Policies looking for key terms Ask school what data is being shared and review contracts Search internet for users' experiences Ask the Teacher/Child for access and look for: IT S GAME TIME

  29. WHAT TO LOOK FOR WITHIN THE APPLICATION What to Look For Chat Rooms Social Media Guest/Outside Access Other students work Geo-Location Used Public Links Content

  30. What Can Parents Do? You are still the parent. You can say NO Join the SCCITT (IT Parent Oversight Committee) Read the Privacy Policies looking for key words Ask school what data is being shared and review contracts Search internet for users' experiences Ask the Teacher/Child for access and look for SPEAK UP AT BOE MEETINGS, DEMAND TO BE HEARD IT S GAME TIME

  31. TOPICS FOR BOARD MEETINGS Addressing the BOE Enforce/Strengthen Policies Protect Privacy Demand Audit Visibility Report Issues Strengthen Accounts Deploy Zero Trust Demand Applications have certifications Limit Applications

  32. What Can Parents Do? You are still the parent. You can say NO Join the SCCITT (IT Parent Oversight Committee) Read the Privacy Policies looking for key words Ask school what data is being shared and review contracts Search internet for users' experiences Ask the Teacher/Child for access and look for SPEAK UP AT BOE MEETINGS DEMAND TO BE HEARD Demand Application Certifications ISO 27001 Great Certification SOC 2 TYPE II Good Certification NIST Accredited Applications Good for School Controls Independent Rating Systems Report Awesome because this adds stability and Accountability

  33. Lets Put It To Practice (NWEA Example)

  34. Lets Put it to Practice (NWEA Example) Awards received from the Bill & Melinda Gates Foundation and Charles and Lynn Schusterman Family Foundation - Sole contributor to the NWEA, named one of their 3rd Parties To develop, curate, and deliver standards-aligned items tailored to each student and improve educator and parent use of MAP Growth result - Bill & Melinda Gates Mission NWEA Believes all kids need to be taught about Racism Mission & Course Material Learn more about this innovative research partnership. Topics: Assessment, Education research, Equity, Leadership, Social emotional learning. Course Material BLM MOVEMENT Support- We ll discuss how systemic racism cuts across many aspects of our lives, dialogue with other NWEA students on their experiences with BLM and conversations about race, and share resources on where to go for further exploration on these topics. - Video on NWEA Web Page Bill & Melinda Gates foundation supports and provides information to the Democratic National Convention Believe in equitable test questions and not showing parents the questions or answers How can I see the questions my child saw along with their responses? One of the things that we are passionate about at NWEA is making sure that tests are equitable for all students. One of the key components to ensuring equity in testing is making sure that our test questions (also called test items ) are not seen by students before their test and are only seen by any student once. Because of how we measure a student s achievement using adaptive items, they are considered secure test content, and as a result, we do not share the questions that were seen on any given test. Leveraging Data for Equity - We believe that student-centered instruction is the basis of an equitable educational practice. Identifying where and how equity enters is the first step in eliminating barriers to access and opportunities that put students at a disadvantage. https://dpdol.nwea.org/public/equitypl/EquityPL_EquityStatement_External.pdf MO-MAP-Growth-Linking-Study-Report-2021-06-21.pdf (nwea.org) - Link to public Report Once state score information was received by NWEA, each student s state testing record was matched to their MAP Growth score by using the student s first and last names, date of birth, student ID, and other available identifying information.

  35. How Do Pedophiles Gain Access? FACTS BEFORE PROCESS Convicted Sex Offenders know how to work the system 500,000 online predators each day In 2017, the Supreme Court of the United States ruled that barring sex offenders from social media sites was a violation of the First Amendment Sex Offenders are not restricted from using Apps for all ages School information can be used to create the initial toxic bound Children and Grooming / Online Predators | Child Crime Prevention & Safety Center 10 Ways Internet Predators Groom Children Online

  36. How Do Pedophiles Gain Access? 1) Identify their target or path to targets USE SOCIAL MEDIA TO FIND THE KIDS School Facebook, Twitter, YouTube, Instagram Teacher Facebook, Twitter, YouTube, Instagram, Padlet Start documenting facts, issues, and hobbies for kids

  37. How Do Pedophiles Gain Access? 1) Identify their target or path to targets USE SOCIAL MEDIA TO FIND THE KIDS 2) Use school website to identify policies and applications Look for applications with weak security Zoom, Brainly, Gmail Directory Find login information

  38. How Do Pedophiles Gain Access? 1) Identify their target or path to targets USE SOCIAL MEDIA TO FIND THE KIDS 2) Use school website to identify policies and applications Look for applications with weak security 3) Use Dark web to look for breaches Locate Passwords, Links, Access Rights

  39. How Do Pedophiles Gain Access? 1) Identify their target or path to targets USE SOCIAL MEDIA TO FIND THE KIDS 2) Use school website to identify policies and applications Look for applications with weak security 3) Use Dark web to look for breaches Locate Passwords, Links, Access Rights 4) Make Contact Log into systems, pose as another student, use applications Start using games to further contact

  40. Making Contact

  41. Setting The Trap With Kids Games ROBLOX Uses Geo-Location Allows users to see exact location Roblox allows players to build and publish their own games. Several games contain adult or inappropriate themes for child. Players can use the communication features of Roblox to talk to one other while they are playing Allows use of School Authentication for access (If permitted by School) Heavily used by Sex Offenders -There have been multiple reports around the world of children being targeted by predators and with inappropriate content around the world. Roblox Is A Cesspool Of Child Abuse According To New Report (thegamer.com)

  42. Child sex trafficking is Growing There are an average of 30 million people being trafficked worldwide The average lifespan of a trafficking victim is 7 to 10 years from the time they started being trafficked All ethnicities are at risk Average age of domestic sex trafficking victims is 13 years old Stop Human Trafficking in Missouri -Department of Public Safety (mo.gov) Trafficking Facts & Statistics -Together Freedom

  43. Cybersex trafficking is Growing Perpetrators fake a romantic relationship with the victims on applications to exploit them. Perpetrators will convince victims to perform the sexual acts. They can perform these sexual acts through tools such as webcams. More common on social media is to send pictures or videos. Targets School Age Kids that are victims of bulling Cybersex trafficking occurs commonly on some dark websites, where users are provided sophisticated technical cover against identification. Adolescents can use Applications and social media to explore their sexuality Cybersex trafficking occurs on Skype, Zoom, and other videoconferencing applications. Pedophiles direct child sex abuse using its live streaming services.

  44. Reasons Why Schools Distribute Data Free Software Free Access to Other School s Data Financial Payment (EF Tours, Explorica, NETC) Teachers earning Global Rewards Points by enrolling students. Free paid vacations to amazing places like the French Riviera, Rwanda, and South Korea or any vacation to any of the destinations listed on the website. VIP access to the Tour de France or our Ashridge Executive Education program housed at EF s very own castle. Redeem Global Rewards Points for cash. Earn free vacations for their families. Hundreds of applications, big and small, are being used at schools across the country to do everything from track homework to modify behavior. They can collect data about intelligence, disciplinary issues, personalities and schedules. Example: Thrively

  45. Companies Data Mining (2019) Google also has a significant amount of K12 LMS data because of the popular Classroom system. LMS companies: Instructure (with its Canvas system that is native cloud hosted) has by far the most student data. Then we have D2L, Blackboard (Learn as well as Open LMS) and then Schoology.

  46. Additional Sources: Hackers are leaking children s data and there s little parents can do (nbcnews.com) Student Data Security and Privacy Must Be Taken More Seriously --THE Journal https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53 How to Prepare Your School for a Cyberattack with Limited Resources --THE Journal Student Data Security and Privacy Must Be Taken More Seriously --THE Journal The Educator s Guide to Student Data Privacy ConnectSafely K-12 schools lack resources, funding to combat ransomware threat | Cybersecurity Dive Education company McGraw Hill exposes student data on unsecured cloud storage - SiliconANGLE

Related


More Related Content