This approach entails creating an encrypted conduit through which unencrypted files are transferred from a server or your computer on a nightly basis. You will need to be able to automate this process and rely on a secure File Transfer Protocol (sFTP) solution or FTPs (read how sFTP is different from FTPs). This may entail purchasing and implementing a secure FTP solution on a district server outside the firewall.
Server Side sFTP Solutions
Client Side sFTP Solutions
Some of the features most needed include:
Use Pretty Good Privacy (PGP) or an open source equivalent (GPG), such as the OpenPGP Encryption Tool (GoAnywhere MFT for automated encryption). You can write scripts that automate this using PowerShell if on Windows or other solutions if on GNU/Linux or Mac. Exploring the use of scripting solutions for data encryption is beyond the scope of this webinar.
Some have eschewed this approach in favor of an sFTP solution or simply encrypting data using a tool like 7zip or SSE (Step 3) with AES-256 encryption (more on that below).
"A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network" (Wikipedia).
When we talk about using a VPN in a school setting, we're not discussing consumer-level VPN tools like those used for individual protection.
Some solutions in use in Texas schools:
Personal Tip: Try Firefox Quantum with the Multi-Account Container, which allows you to group your browser cookies. This prevents one site from spying on you while you are looking at another (Facebook does this, as do many other sites). Try privacy add-ons, too.
Need to encrypt using public/private key encryption tools that are compatible with PGP/GPG? Consider GoAnywhere's Open PGP Studio for Windows, Mac, or GNU/Linux computers. GoAnywhere also offers a Secure File Transfer Protocol (sFTP) solution.
"Virtual Private Networks provide an important element of privacy protection for users," Electronic Frontiers Association says. "...VPNs [are] one of the most effective tools for protecting privacy when using the Internet, due to the degree of anonymity they provide when accessing online services."
*Cost associated, usually approx. <=$50 annual
Privacy
“From a Windows machine, that’s fine. But we’ve moved to a Chromebooks-only environment. How do you add a password to exported files, like DOCx or PDF, that get sent via email?”
--Christi
The easiest solution (which isn’t that easy) is to avoid placing sensitive, personally-identifiable information online in a public folder where it is unknown who has access to it. If you must place sensitive data in the cloud, encrypt the file first. Once the person has obtained the file, remove the file. At no time should a decrypted file be placed online in cloud storage or emailed as an attachment.
Two commercial solutions districts can use for encrypting data stored in the cloud include Cryptomator and Boxcryptor.
A free solution is Secure Space Encryptor (SSE) from Paranoia Works. It’s free, open source, and works on Mac/Win/Linux/Android. It also features text encryption for iPad.
You could use this because it allows you to encrypt files/folders. If the files/folders you are encrypting save to a “sync to cloud” folder (e.g. Dropbox, Google Backup & Sync, OneDrive), then that data is encrypted.
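One way to enforce the "encrypt the file first" rule on a "sync to cloud" folder when the district encrypts with PGP/GPG: an added example, not part of the original article, that flags any file whose first bytes do not start an OpenPGP encrypted message. The function names are made up for this sketch, the check is a header heuristic only, and it does not recognise 7zip or SSE output.

```python
import base64
import sys
from pathlib import Path

# OpenPGP packet tags that open an encrypted message (RFC 4880):
# 1 public-key encrypted session key, 3 symmetric-key encrypted session key,
# 9 symmetrically encrypted data, 18 encrypted + integrity-protected data.
ENCRYPTED_TAGS = {1, 3, 9, 18}
ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"


def first_packet_tag(octet):
    """Return the packet tag held in an OpenPGP header octet, or None."""
    if not octet & 0x80:           # bit 7 is set in every packet header
        return None
    if octet & 0x40:               # new-format header: tag is bits 5-0
        return octet & 0x3F
    return (octet >> 2) & 0x0F     # old-format header: tag is bits 5-2


def looks_pgp_encrypted(data):
    """Heuristic: do these leading bytes start an OpenPGP encrypted message?"""
    text = data.lstrip()
    if text.startswith(ARMOR_BEGIN):
        lines = text.splitlines()[1:]
        while lines and lines[0].strip():   # skip armor headers (Version:, Comment:)
            lines.pop(0)
        body = [ln.strip() for ln in lines if ln.strip()]
        try:                                # first 4 base64 chars hold the first octet
            data = base64.b64decode(body[0][:4], validate=True)
        except (IndexError, ValueError):
            return False
    return bool(data) and first_packet_tag(data[0]) in ENCRYPTED_TAGS


def plaintext_in(folder):
    """Relative paths under folder that do not look OpenPGP-encrypted."""
    folder = Path(folder)
    flagged = []
    for path in sorted(folder.rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(4096)
            if not looks_pgp_encrypted(head):
                flagged.append(path.relative_to(folder).as_posix())
    return flagged


if __name__ == "__main__":
    # Usage: python check_sync_folder.py <sync folder>; exit code 1 means "do not upload".
    bad = plaintext_in(sys.argv[1])
    for name in bad:
        print("NOT ENCRYPTED:", name)
    sys.exit(1 if bad else 0)
```

Run it from the scheduled job before the sync or upload step and stop the job on a non-zero exit code; a signed-only or compressed-only PGP file is flagged as well, since it is readable without a key.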
Both solutions offer a variety of features, essentially scanning your cloud storage provider (e.g. Google Suites for Education or Office 365) for sensitive data. What’s more, additional rules can be set up to restrict placement of sensitive data online to prevent or quickly catch rule violations.
You will want to explore these solutions through an official request for proposals (RFP) process aligned to your particular district’s processes and procedures.
A big part of protecting data involves avoiding situations, like phishing expeditions, that attempt to capture your username and password. Some school districts are turning to solutions like KnowBe4, which provides security probing and awareness training. For example, a false spear phishing attack is launched against employees with the organization’s permission.
This simulated attack is done without notifying the employees first. One district, for example, “sent out a baseline test to 4,390 staff and 924 clicked on it.” The district later reported that they suffered an actual attack, not simulated by KnowBe4. Only one person was compromised. From 924 to one is quite an improvement.