Best Practices for

Internet Security
In K-12 Schools

Achieving the delicate balance between keeping students

safe while simultaneously introducing new and emerging
technologies to meet student needs is a complex process. In
this document we share resources and best practices for
school districts.

The Stephens Group LLC

1/19/2009
 Best Practices for Internet Security
Jan. 19

Web 2.0 applications are really the rage now. With limited budgets, Web 2.0 applications can
provide free access to online software and storage. They can also help make learning more
interactive and meaningful for students. Yet at the same time school districts have concerns
about protecting student safety on the Internet and protecting their systems. In our consulting
work a number of districts have asked for advice on what the best practices for Web 2.0
technologies are. Below are some resources we put together to help.

Taking a Layered Approach to Internet Safety

A recent article in The Journal by Andy McDonough entitled More is More (2008, p. 10)
advocates taking a multi-layered approach in which no one solution is more important than any
of the others.

A multilayered approach should include things such as:

• Up to date policies that include uses of Web 2.0 applications

• Admin rights and computer passwords
• Safe email program with anti-spam filters
• Internet Content Filtering
• Ongoing Internet education for staff and students

Acceptable Use Policy (AUP)

Districts need to create and enforce a clear and precise acceptable use policy. Student AUPs
should be in kid friendly language. They should also be living documents that are updated
regularly to include emerging technologies such as Web 2.0 tools. There also need to be
procedures in place of what will happen if students and staff do not follow the acceptable use
policy.

A good resource for developing Acceptable Use Policies and issues administrators should be
aware of is at http://www.ctap4.org/cybersafety/admin_resources.htm .

I also liked some of the language used in the Ashwaubenon School District Acceptable Use
Policy.

It is impossible to completely define unacceptable use, however, for the purpose of

illustration, some examples are:

• Sending or displaying offensive messages or pictures;

• Using offensive or obscene language;
• Harassing, insulting, threatening or attacking others, including racial or sexual
slurs;
• Damaging equipment or networks;
• Violating copyright laws;
• Using others’ passwords;
• Trespassing in others’ folders, work or files;

2
 Best Practices for Internet Security
Jan. 19

• Unauthorized access such as hacking;

• Intentionally wasting resources;
• Regularly employing the technology for commercial, political or religious
purposes.

Professional Development
It is not enough to have a policy. “Holding a one-shot professional development workshop to
familiarize staff with the district AUP is not sufficient. Policy reviews should be done on a
regular basis and suggests posting the document on the district website” (McDonough, 2008, p.
9).

Student Education
Students need education on safe Internet Practices. Students need education. “This is not simply
a one-time Internet safety class. There should be ongoing age-appropriate instruction from the
time students are allowed online and continued throughout their education”(McDonough, 2008,
p. 10).

Different Levels of Access

Schools need to determine different levels of access and policies for students as well as
educators and administrators. Educators also need a procedure for getting educational content
unblocked in a timely fashion.

Two Way Communication between the IT Department and End Users

The IT Department and end users need to work together and have processes in place for regular
two-way communication on these complex issues. Security policies need to be transparent and
shared with all stakeholders and a community of trust needs to be developed between both
groups in which they see themselves as partners in providing educational content and safe-
practices for students. End users need to be aware and follow best practices for security. There
also need to be regularly scheduled meetings between the IT staff and end users to give feedback
on how district policies are working from the classroom perspective.

The Consortium of School Networking (CoSN) Cybersecurity initiative has a online survey that
can serve as a self assessment of where your district falls in terms of security available at
http://www.securedistrict.org/assessment/checklist.cfm .

They also have a very helpful checklist of questions your district should be able to answer at
http://www.securedistrict.org/safewired/checklist.cfm . These would be great questions for
your committee made up of the IT Department and end users to answer together.

Standardization
It is a best practice to standardize hardware and software in a district. Having fewer software
applications or platforms, makes it easier and more efficient for technicians to support. In
reality, projects that require students to utilize higher-order thinking skills, solve problems, and
use technology as a communication tool do not require an abundance of software to do this.

3
 Best Practices for Internet Security
Jan. 19

As districts move ahead in integrating the Wisconsin Information Technology Standards and 21st
Century skills into the curriculum, we predict that teachers will become less reliant on curricular
software. We also predict a rise in subscription based software and the use of Web 2.0 tools such
as blogs and wikis.

Killer Collaboration Tools

Three killer collaboration tools that we feel every school district should allow students to have
access to include student email accounts, blogs, and wikis.

Student Email
ePals is a free email program specifically created for k-12 students. They are sponsored by
corporate sponsors such as the National Geographic Society and Intel. Ads never appear in
student emails. ePals complies with the Children’s Online Privacy Protection Act, the Children’s
Internet Protection Act and the Family Educational Rights and Privacy Act Standards.

Educators can adjust protections and access settings according to the different needs and ages of
students. Teachers can monitor all incoming and outgoing email, block or regulate attachments,
limit correspondence to certain classrooms or students.

Blogs
One of the powerful things about blogs is it allows students to write to an authentic audience.
Blogs have been shown to improve writing. A report by the Pew Internet & American Life
Project(Lenhart, Madden, & Hitlin, 2005), entitled Writing, Technology, and Teens reports that
teen bloggers are far more prolific writers than their non-blogging counterparts.

Teachers should moderate student blogs. If students are blogging on the Internet student
anonymity should be used. Blogs can also be private and set up so that a log-in is necessary for
reading and posting.

Blogger and Wordpress are the nice blogging applications. Wordpress also allows for download
and installation on your local server. You can host your own blogs locally with this tool.

ePals also has a nice blogging option specifically designed for K-12 schools. You can register and
include your entire school or district.

Wikis
Wikis provide collaborative spaces for students to construct meaning together. Wikis can also be
set up so that they are private for reading and posting. One of the nice features of wikis is that it
has a history tab and you can see who has posted what content.

Applications that have safe Internet Practices Within Them

We are starting to see more applications that have Web 2.0 applications built into them. One
example would be Moodle, a free course management system. Moodle allows users to
participate in password protected discussion boards, have internal email accounts and you can
even set up a class wiki.

4
 Best Practices for Internet Security
Jan. 19

Adequate Bandwidth
Another area school districts should be proactive in is making sure that they have enough
bandwidth to support Internet use for teaching and learning. As Web 2.0 tools emerge and
evolve they have powerful implications for education. However, if we don’t build infrastructures
that have the capacity to deliver what we need, we won’t be able to effectively use these tools
with students. With declining budgets, I see more and more school districts that are not keeping
up with where they need to be bandwidth-wise for the 21st Century.

A good resource for learning more about bandwidth in K-12 schools is the CoSN Broadband
Knowledge Center at
http://www.cosn.org/broadband/index.php?option=com_frontpage&Itemid=1 .

References:

Lenhart, A., Madden, M., & Hitlin, P. (2005). Teens and technology, Youth are leading the transition to a
fully wired and mobile nation: Pew Internet & American Life Project.

McDonough, A. (2008). More is more: No one solution can defend K-12 computer networks against the
proliferation of digital threats. The Journal, October 2008, 8-11.