Your Back-to-School Guide to FERPA and Student Data Privacy

Maintaining your students’ data privacy and keeping your own records secure should be at the top of your checklist for this school year. Educational institutions are a prime target for cyber attacks, with 2,691 data breaches, affecting nearly 32 million records, and should be prepared to mitigate any risks from bad actors and maintain compliance with the Family Educational Rights and Privacy Act (FERPA).

What is FERPA and Why Does it Matter?

FERPA is a federal law in the United States that was enacted in 1974 to protect the privacy of student education records. FERPA applies to all educational institutions that receive federal funding, which includes most public and private K-12 schools, colleges, and universities.

The main purpose of FERPA is to give parents and eligible students – students who are 18 years or older or attending a post-secondary institution – certain rights regarding the privacy of their educational records.

FERPA is important in maintaining the confidentiality of educational records and ensuring that students’ privacy is respected and safe. Ensuring the confidentiality of your student records in a landscape where attacks are a constant threat should be top-of-mind for any IT department. Thrive offers cybersecurity services tailored to fit the needs of schools and their staff and students. Thrive’s Managed Endpoint Security and Response service, powered by Fortinet’s EDR platform, provides real-time security with incident response capabilities.

Beyond data breaches from cyber criminals, Thrive’s managed IT services can help schools maintain FERPA compliance and safeguard against:

• Third-Party Risks: Educational institutions will often use third-party services or vendors for various purposes, such as cloud storage or educational software. If these third parties don’t adequately secure the data they’re handling, it can expose student information to potential breaches.
• Phishing Attacks: Cybercriminals may target school employees or students with phishing emails to trick them into revealing sensitive information. This includes login credentials or other personal data that could compromise FERPA compliance.
• Ransomware Attacks: Ransomware attacks from bad actors can lock whole school districts out of their own systems and data until a ransom is paid. This can greatly disrupt operations and potentially expose student records.

Thrive understands the evolving needs of students, educators, and parents. Our goal is to make sure the right tools and processes are in place so all parties involved are set up to succeed. Being prepared for the school year will help keep your students’ data safe and focused on learning and growing in the new year. Contact Thrive to learn how we can help you keep your education environment secure.