Tuesday, April 21, 2020

Students Win in ConnectME (My Education) Approval

On April 14, 2020, the Boulder Valley School District School (BVSD) Board took a giant leap forward to ensure the digital divide, otherwise known as the homework gap, is dramatically reduced for the students of our district. They did this by approving a long term contract with Live Wire Networks to provide over the air broadband to qualifying students for free. This public-private partnership is the culmination of 5+ years of work to close the digital divide in BVSD. It has taken a broad team to support the pilot as we slowly progressed to a scalable district-wide solution.

When the major internet providers did not provide free internet to those in need, and the FCC rules would not allow BVSD to run E-Rated internet into the Boulder Housing Partner facilities, a new way to connect students was needed. As a result, ConnectME launched and Live Wire Networks leaned-in as a partner, putting their FCC-approved equipment on three schools in Lafayette, CO, allowing them to connect over 50 qualified students to free internet.

My drive to close the digital divide has always been about ensuring our district provides every student an equitable opportunity to learn. Our current situation with the Coronavirus and remote learning has shed an intense light on the homework gap and how it is real, even in BVSD. This national blog put out by SHLB (Schools-Health-Libraries-Broadband) further explains the challenges students face without internet access.

Boulder Valley School District has set a local, state, and national precedent in solving the digital divide that we hope others will use as a model to build upon. In addition to Live Wire Networks providing free internet to eligible students, BVSD will also share in the revenue generated by providing an over the air alternative for internet access to the BVSD communities in Boulder, Nederland, Broomfield, Erie, Louisville, Lafayette, and Superior.

I appreciate this tremendous team effort, and I am pleased we will now move from pilot to full implementation. As always, please share your thoughts by chiming in below.

Andrew, CIO Boulder Valley School District


   

Tuesday, January 28, 2020

Multi-Factor-Authentication: The Key to Stopping Ransomware, Malware, and Viruses

Digital safety, security, and data privacy are key topics that the Boulder Valley School District Information Technology team continues to focus on and invest resources to prevent attacks. Although we do apply numerous security measures to protect our networks and data, the human element is the most vulnerable to be exploited through phishing attacks or social engineering. 

It seems there is not a week that goes by without a new story of a business or government agency being exploited. K-12 education is now being targeted, and several school districts delayed the start of school this year because of ransomware attacks. The State of Louisiana even declared a state of emergency due to "severe, intentional security breaches" targeted at school districts. 

The focus of the last decade was implementing strong passwords at BVSD. We require staff and student passwords to conform to industry best practices and be changed every 90 days. This requirement helps ensure that if a password is compromised, access will expire within 3 months unless the hacker resets the password. So what can be done to increase password security? 

In recent years more companies have required Multi-Factor-Authentication (MFA), which protects accounts even if an account’s password has been compromised. This has been true with most financial institutions, businesses, and the State of Colorado who has shifted to require multiple forms of identification as proof when logging in. An example would be a password AND a code texted to you. Or a password AND a code from an “authentication” app such as Google Authenticator, LastPass Authenticator, or Microsoft Authenticator. 

A few years ago, BVSD began requiring MFA in IT and encouraged all other employees to use it voluntarily. Recently, district leadership turned on MFA. As an incentive for BVSD staff and students to transition to MFA, IT has changed the password requirements. Instead of requiring passwords to be changed every 90 days, if MFA is enabled, the user’s password will be valid for one year.

To enable MFA, staff and students may go to my.bvsd.org, scroll to the bottom of the page and click on the Multi-Factor Dashboard icon and follow the instructions. 

Understanding that humans put our data at risk more than any other breach, or system exploitation, we need your help to ensure BVSD student and staff data remains secure. Please support BVSD in keeping sensitive data secure by turning on MFA. 

Please chime in below with your questions, comments, and concerns. 

Andrew Moore, CIO Boulder Valley School District

Tuesday, September 3, 2019

Pearson AIMSweb 1.0 Data Breach – What You Should Know

All,

As you may have heard recently through your Principal or in the media, the Boulder Valley School District found out that it is one of more than 13,000 school districts and universities that have been impacted by a data breach at one of our key vendors – Pearson.

First, it is important to know that this breach impacted current and former Boulder Valley School District students. The breach, although significant, was contained in BVSD to name and date of birth.  No other personal information was breached through this event at Pearson.

This information is being shared so that you are aware of the situation and can better answer any parent or community member questions that may come up.

The Pearson AimsWeb 1.0 Data Breach
BVSD learned in August 2019 that an unauthorized third party gained access to Pearson’s AIMSweb 1.0 system in November 2018.  Pearson was made aware by the FBI in March 2019 but was restricted in communicating to BVSD sooner due to the ongoing investigation.

We have notified individuals directly impacted by the breach by mail. Families would have received a letter by August 30 if they were affected. Pearson is paying for the expense of notifying families and for identity or credit monitoring service through Experian.

It is important to note that at this time, Pearson has no evidence to suggest that the breached information has been misused.

Why was BVSD Using AimsWeb 1.0?
Pearson is best known as the publisher of print and digital textbooks but also develops education-related software. BVSD used AIMSweb 1.0 to track progress, inform instruction, and provide updates to parents. AIMSweb 1.0 was permanently taken out of service in July.

Our own internal investigation found no other Pearson products to be impacted by this breach.

Next Steps
I take the safety and security of our students, staff, and their data extremely seriously – as does our entire leadership team.  BVSD already has many proactive processes in place to help prevent student data breaches, and we continue to reevaluate our processes for improvements.

Additionally, BVSD continues to be in compliance with the Colorado Student Data and Transparency Act and remains vigilant in protecting student data. We will continue to work with Pearson and other vendors to ensure everything possible is done to protect the privacy of student data.

Working together, we can minimize threats, including phishing attacks, viruses, malware, and ransomware.   As always, please chime in below with your thoughts, comment, and ideas on this topic.

Andrew