Data Security Review

Important Update for New York Schools: NYSED Comprehensive Data Security Reviews

In NYS Law 2-D, Compliance, Cybersecurity, Technology Reviews by Kendra Webb-Scott

The New York State Education Department’s Information Security Office (NYSED) has announced a significant initiative that will affect all Local Education Agencies (LEAs) across the state. NYSED will begin a thorough examination of the data security measures currently employed by schools. This initiative aims to bolster the overall security framework of LEAs, ensuring that student and staff data are adequately protected.

What is the NYSED LEA Data Security Review?

In January 2024, the NYSED Information Security Office started contacting LEAs to set up virtual appointments for their data security reviews – giving each LEA plenty of time to assess and enhance their data security strategies to meet compliance requirements. The reviews are guided by Education Law 2-D, Part 121 of the Commissioner of Education’s regulations, and the NIST Cybersecurity Framework (CSF). These frameworks dictate the necessary protections and provide a foundation for robust data security practices.

Key Focus Areas of the Review

The review will specifically look into three critical areas:

  • Policies: This includes everything from Acceptable Use and Password policies to Incident Response and Disaster Recovery plans.
  • Controls: Controls such as Multi-Factor Authentication, Password Complexity, and regular security training for staff will be scrutinized.
  • Third-Party Oversight: How data is shared, where it is stored, and the security measures third parties implement will also be evaluated.

Potential Impact and Recommended Actions

Should any issues arise during the review, NYSED will work closely with the Superintendent and Data Protection Officer of the affected LEA to develop corrective strategies. To prepare, LEAs are advised to take several proactive steps:

  • Update Policies: Ensure all your policies are current and reflect best practices in data security.
  • Enhance Controls: Improve your authentication protocols, password policies, and access controls.
  • Strengthen Third-Party Security: Review and secure the way your data is handled by external partners.

Why It Matters

This comprehensive review is not just a compliance exercise; it’s a crucial enhancement of your school’s security posture. By aligning your practices with the recommended standards, you not only safeguard sensitive information but also build trust within your community.

How to Prepare

  1. Review Your Current Security Measures: Make sure they are up to date and comprehensive.
  2. Engage with Experts: Consider partnering with cybersecurity specialists, like IKON EduTech Group, to ensure your systems are robust and secure.
  3. Enroll in a Managed Risk and Compliance Program: Continuously improve your security measures through ongoing professional support.

Preparing for this review is a significant step toward demonstrating your commitment to data security. If you need help implementing the appropriate security measures, do not hesitate to reach out for professional assistance. At IKON, we are dedicated to supporting K-12 schools in maintaining the highest standards of cybersecurity.

Stay proactive, stay secure, and prepare to meet NYSED’s standards with confidence. CLICK HERE to download our complimentary Quick Guide to NYSED LEA Data Security Reviews.