Securing your school counseling cloud storage and tools from The Counseling Geek | www.thecounselinggeek.comWith great power comes great responsibility.

As a self-proclaimed geek and technophile, I firmly believe that technology enhances our ability to provide positive supports and great comprehensive school counseling programs revolving around the ASCA National Model. I often write about these great tech tools and interesting ways to use technology in our day-to-day school counseling, but I want to take this post and share another side of the story. One of my favorite sayings when helping people troubleshoot their tech is “Technology is great except when it doesn’t work”. The great (and repetitious) Spiderman line of “with great power comes great responsibility” rings very true with the use of technology. Because of the ability to do so many cool and useful things – an inherent risk of abuse is the flip side of the story.

[Tweet “”Technology is great…except when it doesn’t work.” #scchat”]

I love Dropbox and Google Drive.

I would say that it goes beyond a love and into the realm of obsession when I talk about “the cloud”. Roughly 90% of the documents, spreadsheets, and presentations I create at work now are all through Google Drive. While not as full featured as the Microsoft Office Suite, the price is perfect for most school districts and many are “going Google” – mine did two years ago and we haven’t looked back. With both Google Drive and Dropbox (see the links for more info on these tools or install Dropbox), a super awesome tool is that folders and individual documents can be shared and developed collaboratively.

For example, at my school, we in the recent years have implemented a mandatory community service requirement for all students. This is a wonderful experience for students and our community, but it creates a documentation and tracking nightmare. I had to choose to either track all of the hours myself by funneling all of the logs through my office and doing the data entry myself OR delegating this task to each of the advisory teachers to track 17 students in their classes throughout the year. 330 students x several papers each x all year = a major pain in the arse so I elected the latter. I created a great (and pretty clever) tracking document that has each student listed in individual grade tabs and self-calculating formulas with conditional formatting to be able to get a sense of where students are with a simple glance. This document is shared with our staff and the teachers go through and update their own students throughout the year. Overall – a great system and it makes the system much easier on everyone.

So what’s the problem, you ask?Cloud problems school counseling

The problem with some of these cloud storage and documenting tools is two-fold: one is that it is only as strong as its weakest link and two is that the data is hosted elsewhere and you lose some control over it. I am less concerned about the second problem, but would caution you against storing very sensitive documents in the cloud (read: things that can be subpoenaed). For those types of documents, I suggest looking into TrueCrypt – a free tool that creates encrypted folders wherever you want to put them. The link brings you to a page explaining that the software is no longer under development but still secure with downloads at the bottom. I use it and am confident in its function, but you can also look into BitLocker for Windows too. For school counseling purposes – this software is handy, pretty easy to use, and will keep those out that need to be kept out. I do use Dropbox (Install here) to store some of these folders because the encrypted folder makes it impossible (nearly) to access without a password you create. This program uses DOD and NSA quality encryption to keep inappropriate access out of your sensitive files.

[Tweet “Protect your documents with TrueCrypt or BitLocker – learning about it with @CounselingGeek #scchat”]

The first problem with the cloud and, specifically, sharing collaborative documents is our main concern. I will share a first hand experience that happened recently that caused lots of extra work, but could have been much worse. That same community service document mentioned above (and several others) were breached by a student who accessed the documents via a teacher computer (who didn’t do anything knowingly wrong, but was perhaps a little too trusting). The teacher left the computer unattended and logged in to their school Google account. The student pulled up the shared Google documents in question and shared it with an outside account that they solely created to tamper with the documents and update community service hours. Over the course of 6-8 months, the student accessed the documents to falsify their (and other students to cover their tracks) community service hours. This was finally discovered, we painstakingly reviewed every single revision the account made in the months in question (one plus about Google Docs is the ability to track changes!) and fixed the issues they created. It was a lot of work but ultimately, with hard copy backup documentation and double checking, were able to get accurate data back in place and move forward. Needless to say – it was a stressful and busy/tedious 6 hours of work for all of the admin in the building.

What do I do about securing my cloud?

I have a few tips for helping secure documentation and data that you store or collaborate with in the cloud.

  1. The first one, which I wrote about above with TrueCrypt, is encrypt your files you wouldn’t want anyone else accessing. This works well with Dropbox or Box.com, but doesn’t play very well with Drive. I haven’t found a great solution for encrypting drive folders so I stick with Dropbox for those needs.
  2. Train your staff. With the new technology and constant changes that happen with each tool – staff (especially some of the older staff…sorry if that is you – but it is true) often times do not understand how some of the tech works and how easy it may be to compromise data. Going over proper use and security of their technology and accounts seems basic, but something that should be covered each year in review and with every new hire in-depth. This covers things like strong passwords, yearly password changes, settings related to shared documents and folders, to simple things like CC and BCC settings in email and forwarding emails with content to people who shouldn’t have access to that info. Don’t skip this because it seems simple or redundant.
  3. Regularly check your sharing settings. In your most important documents, I would suggest checking your sharing settings every other month. Check for unknown email addresses, check out the revision history for the recent history to see if anything looks fishy, and remove access to those who no longer need to have it. Also make sure that the overall sharing setting is appropriate (i.e. only those on the list, anyone in your organization, anyone with the link, or public on the web).
  4. Enable one simple setting to maintain control of your Google Documents. This was a simple, but overlooked setting (even by me!) to enable to maintain share control. If I had this enabled, this problem could have been avoided (with a caveat – see below). You can see the image below for a visual example of this setting, but you access it through the sharing settings in Drive and then click on Advanced. After you select Advanced – the menu will expand and near the bottom you will see “Editors will be allowed to add people and change the permissions.” and an option to change. Click change and toggle the option to Only the Owner can change permissions. This will prevent editors from adding other accounts to be able to edit the document. It doesn’t default to this option, so you need to do this for all documents you have or will create.

This slideshow requires JavaScript.

The one caveat mentioned above is that this setting doesn’t prevent someone from accessing the document if the staff user account is compromised or is accessed through a computer that has the staff account logged in. This is still a problem and one reason locking a computer when leaving it unattended is a good idea (on a PC just hit Windows Key-L to lock).

ADDITIONAL READING:  Looking Back at 2014: A School Counselor's Blog Post Year In Review

 

Securing your school counseling cloud storage and tools from The Counseling Geek | www.thecounselinggeek.com

Lesson is learned and time to move forward

While avoiding lessons learned the hard way – they often create the best learning situations. Luckily in this instance, all the damage could be undone, but sometimes this tampering can be catastrophic and damaging to student/family safety. So just double-check your settings, ensure that what you share is something that you feel comfortable with having in the cloud, and take your precautions serious. I hope that this is helpful as you review your electronic and cloud safety – please share this article with colleagues that may need to lock down their cloud content and please comment if you have other great ideas regarding cloud safety.

TCG-Signature1

 

Pin It on Pinterest

Shares

Done already?

Don't you think your friends and colleagues would like to read this? Take a moment and share this article with them!

School Counseling in the Cloud – Keeping Safe with Drive, Box, and Dropbox

by Jeff Ream time to read: 7 min
2

Get your Geek on with weekly updates straight to your inbox!

Enter your email below and jump on this bandwagon! Never miss a post.

Roll on little doggie - the next post will land smack dab in your inbox.