
Cybersecurity and Data Privacy

Data Privacy Policy

Goose Creek CISD has taken action to ensure that all student data is handled securely and in compliance with all state and federal legislation. Through rigorous processes and high standards of compliance, our goal is not only to abide by state and federal law, but also to provide students, parents, and our community with the resources and information needed to protect student privacy. This is accomplished by a process of continual improvement of security practices. The district employs the principle of least privilege and role-based security to ensure that data is only accessed by those who have a legitimate educational purpose. A multi-layered defense is also employed to ensure that your data remains protected. As the technology landscape is constantly changing, these processes are reviewed at least annually to make sure they are still relevant and provide strong protection. In an effort to achieve these goals, the Goose Creek CISD Technology Department seeks to implement the following programs:

 

  • Trusted Learning Environment Seal Program - The CoSN Trusted Learning Environment (TLE) Seal program is the nation’s only data privacy framework for school systems, focused on building a culture of trust and transparency. The TLE Seal was developed by CoSN in collaboration with a diverse group of 28 school system leaders nationwide and with support from AASA, The School Superintendents Association, the Association of School Business Officials International (ASBO) and ASCD. School systems that meet the program requirements will earn the TLE Seal, signifying their commitment to student data privacy to their community. TLE Seal recipients also commit to continuous examination and demonstrable future advancement of their privacy practices.

    On May 12, 2022, CoSN awarded the Trusted Learning Environment (TLE) Seal to Goose Creek Consolidated Independent School District (GCCISD). The TLE Seal is a prestigious national distinction that school districts earn for demonstrating a commitment to protecting student data through modern, rigorous policies and practices.

    CoSN TLE Seal for GCCISD until May 2024


  • Texas Cybersecurity Framework - The Texas Cybersecurity Framework is a self-assessment to determine cybersecurity risks. While local governments and K-12 organizations are not required to submit a Cybersecurity Plan to the State, using the framework helps to align security goals and practices with other government entities and institutions of Higher Education across the State of Texas.

 

The district uses data to support a variety of processes throughout the district including supporting student learning, evaluating teachers, improving instructional and operational practices, and complying with various state and federal requirements. For more information on who uses student data, see this infographic.


GCCISD uses many applications to encourage learning through innovation. See this page for more information on approved/denied applications and the process for requesting a free or paid app.

 

Website Privacy Policy: Goose Creek Consolidated Independent School District (Goose Creek CISD or GCCISD) is committed to respecting and protecting your privacy as a visitor to our websites. This includes the Here, We Grow Giants site. We will only collect, store and use your personal information for defined purposes. Goose Creek CISD values accountability and transparency at all levels including ensuring that student data privacy and security are a top priority. For more information on what data is collected as well as records management, see the Data Governance tab.

Student Data Collection and Security Fact Sheet

Data Governance Guidelines

* Handbooks, procedures and guidelines are reviewed at least annually to provide updates that align with changes in laws/regulations and the constantly changing technology landscape. 

 

Records Management Board Policies

CPC (LEGAL) - OFFICE MANAGEMENT: RECORDS MANAGEMENT

CPC (LOCAL) - OFFICE MANAGEMENT: RECORDS MANAGEMENT

FL (LEGAL) - STUDENT RECORDS

FL (LOCAL) - STUDENT RECORDS

*Board Policy is reviewed regularly to ensure that it aligns with all current laws and regulations.

Scam of the Week: MFA Prompt Bombing
07/27/2022

Multi-factor authentication (MFA) provides an extra layer of security for your accounts, but it’s important to think before you click. Cybercriminals can use an attack method called MFA prompt bombing to get around MFA protections and overwhelm you with prompts via email, text message, or phone call.

For example, cybercriminals may attempt to log in to an account using your credentials. Then, they’ll request a phone call MFA verification, which is sent to the phone number you use for MFA. Cybercriminals will often request these verifications late at night when you’re asleep and unprepared. If you accept the phone call and press the button to verify your identity, you may grant the cybercriminals access to your account. Once the cybercriminals bypass your MFA, they can use your account to achieve their malicious goals.

Don’t let MFA give you a false sense of security. Follow the tips below to stay safe from MFA prompt bombing scams:


  • Never approve an MFA notification you didn’t request. If you have a shared account, verify the MFA request with the other account holder before taking action.
  • If you receive an MFA notification you didn’t request, immediately change your password for the associated account. You should also consider updating your passwords for any accounts that use the same credentials.
  • Create unique, strong passwords for each of your accounts. Without your password, it’s difficult for cybercriminals to reach the MFA step of the login process.


Security Tips - Multi-factor Authentication
07/17/2022
What is it?

Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally authenticate your identity.


Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?

In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.


Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication. Consult your IT or Security department to see if your organization has a preferred method of multi-factor authentication.


The KnowBe4 Security Team
KnowBe4.com


Scam of the Week: Watch Out for Celebrity Cryptocurrency Scams
07/06/2022

Cryptocurrencies, such as bitcoin and non-fungible tokens (NFTs), continue to gain popularity with people all over the world. Celebrities are often hired to advertise cryptocurrency projects and investment opportunities. However, a star-powered endorsement doesn’t guarantee that you’ll get a good deal.

After building a cryptocurrency scam, cybercriminals boost the scam with fake endorsements. The cybercriminals usually impersonate public figures who have previously promoted cryptocurrency to make the endorsements seem legitimate. The endorsements are meant to influence you to invest in their cryptocurrency scam. If you fall for one of these scams, you will not see a return on your investment. Instead, you’ll put your money directly in the hands of a cybercriminal.

To protect yourself against cryptocurrency scams, use the following tips:

  • Never trust a get-rich-quick scheme. If something seems too good to be true, it probably is.
  • Cryptocurrency scams are usually recognized and shut down quickly. If you see a new cryptocurrency opportunity, wait before investing. If the cryptocurrency project is still active after several days, it is less likely to be a scam.
  • Remember that celebrities get paid to endorse cryptocurrency. If you want to invest in cryptocurrency, do your own research instead of trusting a celebrity endorsement. Look for long-standing cryptocurrency projects that follow your country’s financial regulations.

Security Tips - Stay Safe While Working in Public Locations
07/04/2022

It’s important to protect your information from cyberattacks no matter where you are, especially when working at the airport or a local cafe. If you don’t follow your organization’s cybersecurity practices while working in a public location, cybercriminals can steal your information when you least expect it.


Follow the tips below to protect your information from cybercriminals while working in public locations:


Only join safe networks.
  • When you log on to your work device from a public location, make sure to use a Virtual Private Network, or VPN. VPNs create a private network and encrypt your internet activity to protect your information from cybercriminals.
  • Only join safe Wi-Fi networks. Don’t allow your devices to automatically connect to public Wi-Fi networks, and don’t connect to random hotspots.
  • Disable Bluetooth on your devices when you aren’t using it. Don’t allow unauthorized devices to connect to your device via Bluetooth.

Be cautious when in public.
  • Avoid using public charging stations or chargers that you find lying around. Cybercriminals can use fake charging cords or USB plugs to upload malware onto your device. It’s best to use your own chargers when possible.
  • Don’t use public computers to work on important projects. Many public locations such as hotels have “business centers” with computers that you can use for free. These computers may contain keyloggers or other malware, so use them with caution.
  • Look out for fake QR codes, or “quick response” codes. Public locations such as restaurants or airports may prompt you to scan QR codes for deals and offers. Cybercriminals can embed malicious URLs into fake QR codes, which could result in malware being downloaded onto your device.

Protect sensitive information from bystanders.
  • If you need to make a business call in public, be sure to use headphones. Don’t allow bystanders to overhear sensitive work information.
  • Turn screens away from public view when possible. Don’t leave sensitive information on your screen for long periods of time.
  • Don’t leave your devices unattended. If you need to use the restroom or step away for a moment, take your belongings with you so that cybercriminals can’t steal them.

Privacy & Security Discussion Topic Ideas


Phishing Emails
- Have you noticed any phishing emails to share with others? What clues did you notice that made you aware that it was not legitimate? How should these emails be reported? Should general SPAM be reported as Phishing?

Social Engineering
- Have you received phone calls using social engineering techniques trying to get you to give information to someone that you do not know? What did you do to verify their identity before sharing information?

Current Events
- What are some recent cyber attacks or data breaches in K-12 from news sources? How can we be better prepared to prevent a similar attack at Goose Creek CISD?
- What recent cybersecurity/data privacy news have you seen and how could it impact us?
- What are upcoming/recent laws or regulations around privacy and cybersecurity that would impact Goose Creek CISD?

Applications & 3rd Party Systems
- Have you used a new app, program, or website lately? Did you make sure you knew what data is being collected/transmitted and if it is being protected? How did you verify?
- Why is it important to vet our applications for security, privacy, or content concerns?
- Thinking about using a new app? Discuss the vetting process and assign someone to submit it for review.

Data Privacy Webpage
- What data do you collect on students? Review the Data Fact Sheet.
- Review the resources on the Data Privacy site.

Data Breach Notice
- If you became aware of a potential data breach, who would you notify?
- What is the role of the District's cybersecurity coordinator? Who is this at Goose Creek CISD?

Data Privacy Curriculum
- How are you implementing data privacy in your classrooms?
- How do you integrate the Digital Citizenship Curriculum in your classrooms?
- What discussions have you had with students, parents, teachers, or staff about privacy/security?

Disaster and Recovery
- How do we protect data during a disaster (fire, flood, hurricane, cyber attack, school shooting, etc.)?
- How would we recover from a disaster and is that documented?

Cybersecurity and Privacy Training
- Has everyone completed the required trainings on Cybersecurity and Privacy?
- What is something each person learned from the Texas Cybersecurity training?
- What is Board Policy CQB and why is it important?

Handbooks

Employee Handbook

Student Handbook (English)

Student Handbook (Spanish)

* Handbooks, procedures and guidelines are reviewed at least annually to provide updates that align with changes in laws/regulations and the constantly changing technology landscape. 

 

Board Policy

CQB - Cybersecurity

*Board Policy is reviewed regularly to ensure that it aligns with all current laws and regulations.

 

Laws/Regulations

FERPA - Family Educational Rights and Privacy Act

PPRA - Protection of Pupil Rights Amendment

COPPA - Children's Online Privacy Protection Act

CIPA - Children's Internet Protection Act

 

GCCISD Resources

Agenda Discussion Topics

Security Access Procedure

GCCISD Digital Safety

Digital Citizenship Curriculum

 

Are you considering an application?

Is the app already approved or denied?

 

You must follow the approval process to request apps for student use. Teachers may research apps they wish to use. Consider the resources below before using a third-party application (website or app). If you feel the app is a good candidate, please follow the approval process listed below or on the Ed Tech webpage.

 

  1. First, ask yourself these questions:
    Checklist for Choosing Tools Worth Your (and Your Students') Time
    Educational App Evaluation Checklist

  2. Second, make sure you understand how the data is being used. To protect student data as well as the security of other district systems, you need to understand the importance of App Vetting. Things to look at include the privacy policy, whether the data is encrypted, whether you can request deletion of data, whether the data is used strictly for educational purposes, whether the data is protected, whether the app is appropriate for the targeted age group, etc.
    What is App Vetting and Why is it Important?
    Vetting Apps Across the District (RED FLAGS to watch out for)

 

Vetting Process

iPad App Approval Process

iPad App Approval Workflow

 

Data Privacy

Educator's Guide to Student Data Privacy

Protecting Student Privacy While Using Online Educational Resources

Privacy Basics - Facebook

Privacy Basics - Twitter

 

Laws, Regulations and Standards

COPPA 101

FERPA 101

ISTE Standards for Modeling Digital Citizenship

 

Ransomware

Ransomware References for IT Staff

Ransomware References for Teachers and School Administrators
