Security as an Ethical Responsibility
By Bill Pfohl
As a follow up to my two columns on ethics and technology, please remember that keeping your data safe is a high priority. School psychologists are responsible for some of the most sensitive data in the schools. With the movement to a more digital environment, our data can be more vulnerable than it was just a few years ago. With laptops, desktops, USB drives, and storing data on “clouds” or network servers, it is essential that our confidential information is protected. School networks are sometimes hacked by students. Some students are really sophisticated and knowledgeable about getting into various networks, not to be malicious but as a challenge. Others may want to change information that may impact them, such as a special education record or psychological report. What steps have you taken to review how you keep data safe and secure? This question may also apply to graduate students, who will have confidential information to share with university and field supervisors.
The first thing to consider is who uses or has direct access to your computer? Who may have access to your files or reports? Where do you store your data? Is it on multiple machines, on a network server, or do you carry files with you on a USB drive? Can others, such as supervisors, access your files to add to them or view them? Can the software provide encryption for your files?
The first step for good protection is to have a password to sign on to your computer account. If you share a computer, a separate account can be set up for each user. This simple process can go a long way to protect your data. Your IT coordinator can set up these accounts through the Administrator function of Windows. However, this step may not be enough protection if your computer is connected to any network or if you use the computer to access the Internet or network drive. While accessing other drives (hard drives, networks, or USB) or the Internet, you can inadvertently download a Trojan, spyware, or other such malware. This process can open up your computer information to those outside your office and network.
The next level of security would be a firewall that covers both incoming and outgoing data. Computers are hit within minutes of signing onto the Internet. If yours does not have a firewall, your data is fully accessible to others. Most security packages such as Norton’s, McAfee, etc. have such protection. However, it must be updated regularly. Most security suites can be set to update automatically, but I have found if the computer is turned off when the scheduled update is to be run, it skips it. I manually update my security and OS software every 2 weeks. Microsoft has a new Microsoft Security Essentials for free, but it must be downloaded separately. If your computer is connected/ networked to other computers or you use the Internet, then you need to ensure your OS is updated regularly to close security holes.
You should have the latest “patches” for all software, such as Web browsers, to protect you on the Internet. If you use the Windows OS, then all software including IE, Microsoft Office, and the OS itself have regular updates. If you use third party software, updates are typically available to fix bugs and security holes. Go to the Help menu and click on Check for Updates. If you have this as part of your regular routine, your data is fairly safe but not completely. If you send attached files or data packets over the Internet though e-mail, instant messaging, or other means, it is not secure. You will need to do something in addition to protect them.
Wireless connections add to the complexity of keeping data safe. The person sitting next to you at the local “free Wi-Fi” coffee shop may be accessing your computer information if you are not taking proper safeguards. Most of these free sites are not encrypted, so working on reports or files in such locations could be a real danger. If you must enter a password, it is somewhat protected. The number of people who do not safeguard or update their computer software system is incredibly high. Have your IT department go over your security and make sure all the possible protections are in place and updated.
You can inadvertently “invite” someone onto your computer by clicking on a hyperlink (underlined URL). You are giving them permission to come onto your computer. They can leave malware in place to monitor your actions and keystrokes and access your files. E-mail phishing is an example.
Passwords are essential for data security. I do understand they are troublesome to keep up with. I used a program for my Palm called SplashID for management of all my password-based accounts. You will have to remember only one password! It saved me many times. It is an app for the Apple iPhone/iPad/ iTouch, but it is not as slick as the Palm version. My wife uses an effective index card approach at home, but this would not work in an office setting. You can keep track of all your website logins, as well.
Passwords should be at least six to eight or more characters long. The one I use in my private practice is 10 characters long. I typically recommend including a symbol or two (such as # or ! or ?). Do not use something others know about you— birthday, address, license plate number—or one string of the same number or letters, ABC, etc. If you are daring, use case sensitive passwords. Longer is more secure. A mixture of numbers, letters, and symbols is the most secure. Do not use the same password for all your accounts/ files. One mistake and your data is open to all. I do recommend that your major passwords be changed regularly. My e-mail on AOL was hacked, who knows how, and I had thousands of “sex” pills spams sent for 3 days through my account! I had not changed my password in some time. Now I do!
Set up a “junk” e-mail account to register everything by, so no one can easily access your normal e-mail accounts— and feel safer about your sensitive data. Happy New Year!
National online library of professional development resources
Consortium to Prevent School Violence
Resources for addressing school violence
Florida Center for Reading Research
Excellent site for reading/literacy issues
IRIS Training Center at Peabody College, Vanderbilt University
Great information on RTI and evidence-based interventions
Bill Pfohl, NCSP, is a professor of psychology at Western Kentucky University in Bowling Green, KY. He is president of the International School Psychology Association and a former president of NASP. He can be reached at email@example.com.