Staff Email Addresses Removed From District Websites to Improve Cybersecurity

By Lauraine Genota — December 05, 2018 3 min read
  • Save to favorites
  • Print

Citing growing concerns about phishing scams and potential hacks of their computer networks, some school district technology leaders have decided to remove staff email addresses from their official websites, a move that some experts warn could frustrate parents.

Since early November, scrolling through Campbell County Public Schools’ website would no longer reveal any staff email addresses. Instead, there are just phone numbers and a generic email for the webmaster.

The district’s director of instructional technology Mark Slusher told a local paper that the decision to remove staff email addresses from the website is a way to improve cybersecurity and protect against phishing scams.

Cybersecurity experts have recommended the removal of email addresses on websites, he said. Having staff email addresses publicly available “opens the door” for anybody to send an email with illicit links to a staff member, and “that’s how the school network can be hacked,” Slusher told Lynchburg newspaper The News & Advance.

Parents can still contact staff by calling the schools or through the Parent Portal, a secure web-based application that allows parents to look at their child’s attendance, lunch account, class schedule, grades and more, according to The News & Advance.

Doug Levin, the CEO of consulting firm EdTech Strategies, in an email to Education Week, said that it’s “not uncommon for schools or other organizations” to remove contact information from public websites to protect against “marketers, scammers and criminals.” But it may “disadvantage some parents, including those for whom email is the easiest or only way to communicate with their children’s school during business hours,” he said.

Slusher told Education Week that they have not received complaints from parents, and if teachers want to give out their email address to parents, they are free to do so.

In Illinois, the Township High School District has also stopped publishing staff emails on its website to avoid scams.

Keith Bockwoldt, the director of technology services for Township, said in an interview with Education Week that about five years ago the district switched to a web-based form that parents or anyone can fill out if they need to contact a staff member. While the district did get some complaints from parents, the form is an easy and safe way to communicate with staff members, he said.

For Township, the decision to remove the emails has “trimmed down” the number of phishing scam emails that employees have received. But that’s not the only way the district is protecting against cyberattacks. Bockwoldt said the school system has awareness campaigns and training drills for staff, so they know what cyberattacks are and how to protect against them. The district also has software and a firewall in place to prevent attacks.

According to the Consortium for School Networking, a professional association for school system technology leaders, about 90 percent of cyberattacks start with phishing, the practice of sending seemingly legitimate emails that will entice users to reveal personal information or click on links that install malicious software.

Training staff to detect and report suspicious emails is the most important step to deal with phishing, according to CoSN. The organization also strongly recommends configuring firewalls and email systems to have rules that don’t allow “bad” attachments.

Campbell County’s decision was not in response to any attack on the district’s network, according to Slusher, but because its employees were beginning to receive many phishing scams. Starting in January, the district will focus on educating their employees on how to protect against cyberattacks.

As schools increasingly turn to education technology and cloud computing, they become more vulnerable to hackings. Just last week, Project Tomorrow released a survey that showed 71 percent of district administrators are concerned about network security.

There have been more than 380 cybersecurity-related incidents involving U.S. public schools since 2016, according to Levin.

See also:

A version of this news article first appeared in the Digital Education blog.