Digital safety, security, and data privacy are key topics that the Boulder Valley School District Information Technology team continues to focus on and invest resources to prevent attacks. Although we do apply numerous security measures to protect our networks and data, the human element is the most vulnerable to be exploited through phishing attacks or social engineering.
It seems there is not a week that goes by without a new story of a business or government agency being exploited. K-12 education is now being targeted, and several school districts delayed the start of school this year because of ransomware attacks. The State of Louisiana even declared a state of emergency due to "severe, intentional security breaches" targeted at school districts.
The focus of the last decade was implementing strong passwords at BVSD. We require staff and student passwords to conform to industry best practices and be changed every 90 days. This requirement helps ensure that if a password is compromised, access will expire within 3 months unless the hacker resets the password. So what can be done to increase password security?
In recent years more companies have required Multi-Factor-Authentication (MFA), which protects accounts even if an account’s password has been compromised. This has been true with most financial institutions, businesses, and the State of Colorado who has shifted to require multiple forms of identification as proof when logging in. An example would be a password AND a code texted to you. Or a password AND a code from an “authentication” app such as Google Authenticator, LastPass Authenticator, or Microsoft Authenticator.
A few years ago, BVSD began requiring MFA in IT and encouraged all other employees to use it voluntarily. Recently, district leadership turned on MFA. As an incentive for BVSD staff and students to transition to MFA, IT has changed the password requirements. Instead of requiring passwords to be changed every 90 days, if MFA is enabled, the user’s password will be valid for one year.
To enable MFA, staff and students may go to my.bvsd.org, scroll to the bottom of the page and click on the Multi-Factor Dashboard icon and follow the instructions.
Understanding that humans put our data at risk more than any other breach, or system exploitation, we need your help to ensure BVSD student and staff data remains secure. Please support BVSD in keeping sensitive data secure by turning on MFA.
Please chime in below with your questions, comments, and concerns.
Andrew Moore, CIO Boulder Valley School District