Security Best Practices

This section provides best practice resources related to data security issues. These materials have been designed to help education stakeholders, such as state and local educational agencies, the postsecondary community, and other parties responsible for safeguarding student records, to improve protection of student records in their care.

Best Practices

W-2 Phishing Scam

Important Internal Revenue Service (IRS) guidance highlighting ongoing phishing attacks against K-12 schools and school districts. These attacks target HR and critical business functions within organizations to access the Personally Identifiable Information (PII) from the W-2 forms of employees and, in some cases, to extract fraudulent payments from their victims. This document contains a summary of the attacks, the tactics of the attackers, potential ramifications, and links to the official IRS guidance.

Guidance

Data Security Checklist

This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.

Guidance

Cloud Computing FAQ

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.

Guidance

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.