The initiative will focus on identifying practices that improve the security of information that schools have on students and their families.
"For every parent who has provided health records to the school nurse, authorized bank debits for a lunch plan or exchanged emails with a teacher about concerns in the classroom, there are real consequences to having that information released to individuals who might seek to profit from or exploit it," Galloway said in a statement following a news conference in which she announced the program. "Parents deserve to know their children's schools have taken precautions to keep their children's personal information secure."
The Boonville, Cape Girardeau, Orchard Farm, Park Hill and Waynesville school districts were selected for the first round of audits through the initiative; additional school districts will be named next year.
The audits will focus on the effectiveness of existing cybersecurity safeguards. They will review the school districts' ability to detect a cybersecurity breach and the planned response for a breach, student personal information accessibility and protection, technology use policies, and student and staff privacy, and security awareness training.
Although no Southwest Missouri school districts will be part of the first round of audits, some local school officials said Wednesday that they think they would be well-prepared to protect sensitive data and handle breaches.
A security breach is something the Carl Junction School District has been tested by before. Several years ago, a new, undiscovered computer virus hit the school district and pulled about $190,000 out of its bank accounts, most of which was later recovered, Superintendent Phil Cook said.
Technology director Marshal Graham said the district learned from that incident. Its security policies now have multiple layers, requiring technological protections such as firewalls and anti-virus software as well as training for staff members who have access to sensitive data.
"One of the most important things we can do is just monitor what goes on on our network and keep track of those things so that we're aware when something is abnormal," he said.
Graham said the Social Security numbers of employees are among the most important pieces of data that school districts must protect. Schools are also responsible for caches of personally identifiable information about students, such as addresses, phone numbers, grades, special services and health information, he said.
According to the Privacy Rights Clearinghouse, a nonprofit based in San Diego, more than 250 K-12 schools across the United States experienced a data breach event in the past 10 years. The Missouri auditor's office noted that students and families affected by these incidents are at a higher risk for unauthorized access of account information, financial abuse and identity theft.
"Technological advances in today's schools have simplified and streamlined processes for educators, administrators, students and parents, but these benefits also carry an increased risk of vulnerability," Galloway said. "Missouri schools must be proactive in the effort to secure student data, and Missouri students must be equipped with the information they need to protect themselves online and in our increasingly connected environment."
Missouri Auditor Nicole Galloway's announcement came one day ahead of the official launch of National Cyber Security Awareness Month, which is recognized during October.
National Cyber Security Awareness Month is designed to educate people about cybersecurity through events and initiatives, and increase the resiliency of the nation in the event of a cyber incident. It is sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.
©2015 The Joplin Globe (Joplin, Mo.) Distributed by Tribune Content Agency, LLC.