Survey results show a majority of school districts failed to follow through on written internet policies with effective monitoring of students’ online activities.
On Thursday, the Mississippi Office of the State Auditor (OSA) released a follow-up cybersecurity report regarding students’ ability to access potentially harmful and explicit materials online.
OSA surveyed school districts throughout the state to determine if they implemented recommendations from a 2017 cybersecurity report also conducted by the Office of the State Auditor.
“With this latest report, issued today, OSA’s Government Accountability Division is following up on the 2017 recommendations to ensure corrective action has been taken,” the 2022 cyber security report states.
Survey results from the 2022 cybersecurity report show that the majority of school districts failed to follow through on their written internet policies with effective monitoring of students’ online activities. With an increase in funding allowing for more technology at the student’s hands, the issue will continue to worsen.
“The bottom line from this report is that many school districts comply with the minimum legal standards, but those minimum standards are not enough to guarantee student safety. We still see students able to access pornography, discuss illegal activity, and plan self-harm using state-issued devices,” said Auditor Shad White.
2017 OSA Cybersecurity Report
In 2017, a review of school districts conducted by the OSA found an alarming number of students accessing pornography and other explicit material. OSA conducted the review of school districts’ compliance with the Children’s Internet Protection Act (CIPA) also known as the “Cybersecurity Audit” for the 2016-2017 school year.
OSA created testing procedures to ensure effective polices of the school districts were formulated properly and that these policies were in compliance with CIPA and the Family Educational Rights and Privacy Act (FERPA).
Of schools that participated in the One-to- One Initiative, OSA tested eighteen (18) schools within nine (9) school districts to ensure security controls of online activities were effective. During this process, 150 random devices were analyzed. Of the 150 devices tested, 30 (20%) of the devices showed evidence that students were able to access explicit material on school issued devices; evidence also indicated that the district’s filtering systems were ineffective when filtering inappropriate material.
OSA further measured the districts’ compliance of having an Internet Safety Policy which included TPMs that monitored the online activities of minors. It was determined that all nine (9) reviewed districts had a variety of written Internet Safety Policies and TPMs that block and filter devices issued to students; however, the audit discovered that there was inappropriate material found on student’s devices and that districts do not appear to be completely adhering to their own policies.
In light of the report’s findings, OSA made the following recommendations:
- The Mississippi Department of Education (MDE) should provide districts with alternative solutions to evaluate the effectiveness of their monitoring system;
- MDE should establish required uniform policies for all districts to follow regarding the installation of filtering packages and/or monitoring procedures; MDE should establish a mandatory policy requiring schools districts to monitor devices off school grounds;
- MDE should also establish substantial penalties for noncompliance;
- As students are issued publicly owned devices, schools districts should utilize best practices to ensure they are constituting “good faith” to comply with CIPA;
- School Districts should test and monitor their TPMs periodically to ensure the safety of all students;
- School Districts should have established detailed procedures showing how to implement safety protocols located within the district; and
- School Districts should provide community outreach to inform parents on ways to keep students safe while online.
2022 OSA Cybersecurity Report
In the follow-up review to evaluate implementation of the select recommendations, each school district surveyed, a total of 136, was required to submit evidence to support their responses when applicable. The results showed that cybersecurity in school districts continues to be a problem even though the majority of school districts appear to be in compliance with CIPA requirements.
The report found that despite the efforts of many school districts, OSA analysts determined the risks associated with the original findings still exist.
“One of the biggest issues is what happens when students take computers home,” the report said. “Only about one out of every five school districts ensures that their explicit materials policies are enforced when computers are taken off campus.”
The report also highlights that some school districts, such as Petal, are leading the charge in actively supervising their students’ use of school technology.
“Fewer than half of districts have technology that actively alerts administrators when someone uses a school computer for an inappropriate purpose. This sort of technology, which is currently used in districts like Petal School District, is available for use,” the report continued.”
“The danger of computers accessing explicit content has been magnified by the large amount of stimulus spending on technology in public schools in the last two years. I hope our report is useful to policymakers and district officials as they consider how to protect children of that wave of spending,” Auditor White said in a letter.
You can read the full cybersecurity report from OSA below.