What you need to know
In the modern landscape where digital technologies have permeated into almost every aspect of our daily lives, including education, safeguarding sensitive data is of utmost importance. Recently, a strong directive regarding cybersecurity has come from New Zealand's Deputy Privacy Commissioner, Liz MacPherson. She underscores the necessity of a safety measure known as 'two-factor authentication' (2FA) in maintaining the security of digital systems.
Two-Factor Authentication in MacPherson's Words
Two-factor authentication is a security procedure that asks users for two different identifying elements when logging in to a digital system. This could be a password or PIN, followed by a unique code sent to a mobile device or email. It's a significant step up in security as it adds a second layer of defense against unauthorized access.
Highlighting the importance of this protocol, Deputy Privacy Commissioner Liz MacPherson explicitly states:
“Two-factor authentication is a bare minimum we would expect for small businesses or organisations that hold or share personal information digitally. If you are a small business that has a cyber-related privacy breach and don’t have at least two-factor authentication in place, expect to be found in breach of the Privacy Act.”
What This Means for Schools
MacPherson's emphasis on 2FA as a "bare minimum" standard of data security highlights the significance of this measure in today's increasingly digitized world. Her statement underlines that schools, similar to small businesses, are expected to protect sensitive data in their digital systems by using 2FA at the very least.
The message here is clear: failure to take this essential precaution could result in a breach of the Privacy Act, especially in the event of a cyber-related privacy breach. By using 2FA, schools can significantly mitigate the risk of a security breach and demonstrate that they are taking "reasonable" measures to protect sensitive data.
Conclusion
Schools hold a great deal of sensitive data, making them potential targets for cyber threats. Adhering to the Deputy Privacy Commissioner's advice and implementing two-factor authentication is a practical step to enhance cybersecurity. It is a clear demonstration of a school's commitment to protecting its community's personal information. The advice from the Office of the Privacy Commissioner sends a strong message: taking appropriate security measures is not just about compliance, it's about maintaining the trust of students, parents, and staff.