You’re sold on meeting management software. Perhaps you sit on another board that is doing amazing things with it. Or you’ve read the data on the vast improvements it can bring. But your school board shows little interest. To persuade them, you must assume the role of educator. As the teacher of the school board, the best strategy is to link meeting management software to security and transparency.
The school board accesses FERPA- and HIPAA-protected information all the time, as members must be fully informed on the most highly sensitive matters. Yet board members may well have technological know-how inferior to a teenager’s, and the computer systems they use are hardly foolproof.
Hackers see the resulting security vulnerabilities as a golden opportunity. International ransomware rings adore US school districts as targets, as they meet their two main qualifications: Corrupted data could drastically disrupt essential services, and the district could access the average $52,000 ransom that they demand. ISIS even broke into 800 US school websites to air recruiting videos to the young audiences that they reach.
These threats demand every board member’s attention. There are precedents for holding each individual board member financially liable for a data breach, and a tightening of the screws is probably right around the corner; since the exposure of privacy compromises by Facebook and Cambridge Analytica, future laws are apt to go to greater lengths to protect privacy by whatever means necessary.
Most school board members know neither the enormity of the threat nor the steps they must take to eliminate their greatest security vulnerabilities. Most regularly conduct business in ways that position their board information as low-hanging fruit for opportunistic hackers. For instance, 61% of respondents to a 2017 National School Boards Association (NSBA) survey of 428 school board members nationwide said that they use personal email accounts to discuss board business. The extent of their ignorance comes as no surprise, as only 12% of respondents had received mandatory cybersecurity training. As their teacher, your curriculum should highlight five key points:
The board must see more highly sensitive information than any other stakeholders in the district. Is there an accusation of sexual harassment? They need to see mental health records, criminal histories and employment contracts. It is imperative that the public sees a scrubbed account of the accusation that includes none of that information. Even one slip-up is one too many.
The solution is to remove human error from the equation by using meeting management software with role-based authorizations. It consistently keeps different versions of documents accessible to audiences in different roles.
The NSBA survey found 34% of respondents storing board materials in hard copy format. Misinformation is rampant; paper seems to “feel” safer. It’s actually far riskier. It’s impossible to track a proliferation of paper copies, which can always be multiplied with photocopying. It’s easy to leave papers behind at a café or on a plane, at which point anyone could take them. Digital material can actually be erased from afar with “remote wiping” if it is stored on hardware.
In fact, most school boards have not prioritized the securing of board communications at all. A full 31% of NSBA survey respondents reported that their board had not had a security audit of board communications, while 51% responded that they didn’t know if they had had such an audit.
Communicating about board business via email puts all of your district data at grave risk. Personal email is wholly unsecured. Accessing it is as easy as picking a car lock, while secure storage requires hackers to have the sophistication it would take to break into Fort Knox. Once they know board members’ email addresses, phishers can also send them emails with clickbait. Once clicked, code in the email injects viruses into the victim’s system. And most school boards publish those email addresses on their websites!
Again, not knowing the facts leads school boards to take on unacceptable levels of risk. We’ve seen that 61% of board members regularly or occasionally use personal email accounts to communicate about board business. Using network-provided email accounts (a routine practice of 79% of survey respondents) creates a false sense of security. Because email is part of the district system, a phisher who can penetrate an email can thereby access not only the information in that email, but all of the contents of the district’s hard drive.
If using email still seems inviting, the list of states that define group emails as violations of open meeting laws is growing. If a majority of the board is privy to the content, it constitutes a rolling quorum. If a string of replies could be construed as “deliberations,” the emails violate the mandate that such conversations take place only at public, in-person meetings.
Like most districts’ websites, Dropbox, Google Docs and the like provide inadequate security for the data you put there. Not only do they fail to provide full 256-bit encryption, they also put your information on the cloud, where hackers could easily get at it. You need storage on a private server, which they do not provide.
Present practices reflect negligence arising from ignorance. Thirteen percent of NSBA survey respondents store board materials on a file-hosting site. Only 42% store board materials on a board portal with adequate security. Sixteen percent of survey respondents believe file-sharing site storage actually decreases risk and 22% believe such storage has no effect on document security.
In the NSBA survey, 20% of respondents download board materials onto a personal or external hard drive. It’s especially tempting to do so before a long flight without Wi-Fi; it makes it possible to read a lengthy document on the plane. Once data is downloaded, accessing that information is as easy as stealing a laptop. If each of, say, eight board members download documents, there are eight unprotected devices floating around, and all of them are discoverable in the event of a lawsuit.
Once the board understands that a meeting management system protects the district from cybercriminals, your work may well be done. If not, showing how such a system can maximize public transparency should seal the deal. Such a system makes meetings more inviting, welcomes inspection of district business and facilitates unconventional formats to elicit public participation.
Meetings themselves become more productive and even enjoyable. Attendees will have read background materials before the meeting through simple links on the portal-posted agenda. Meeting management software makes it possible to hold paperless meetings, eliminating the distraction of many people entering a private headspace as they shuffle through papers to find something; on a projector, the chairman can call everyone’s attention to the needed information from the portal. The software can also provide a place for erstwhile speakers from the public to sign up in advance to speak at the meeting. Speakers must specify a single topic, and they can see the time limit. Lengthy, impassioned rants vanish as if by magic.
You will get so much more done in such a civilized manner that the public will not dread finding a three-ring circus at your meetings. They might actually want to show up and contribute. If your board is content with the stalwart plodders who participate in a spirit of martyrdom, they have no idea what is possible when a broader swath of the public has a sense of ownership and enthusiasm.
Citizen queries about district business traditionally take a cue from the Watergate investigation: Young (heroic) truth-seekers penetrate layers of secrecy to unearth the crimes of the stodgy (guilty) establishment. Trust hardly characterizes the spirit of the enterprise. But public trust is the lifeblood of a school board.
With meeting management software, your board can lay all of its cards on the table. Not only is the agenda in a far more visible spot online, but the extensive repository of legislation, minutes, maps and memoranda of understanding (MOUs) that must be accessible to meet open-records laws are delivered to researchers on a silver platter. Gone are the dusty binders stored in a basement; the same software that manages meetings can put them all in an online archive. Best of all, the archive is fully searchable by keyword across all files in all formats. Now that’s transparency!
A welcoming online presence boosts inclusion as well. Some people can’t get out to walk by the meeting notice that is posted in front of the library. They can now find it from the comfort of their own home. If they can’t attend the meeting, they can get more than the minutes afterward; meeting management software allows the board to film its meetings and to post the footage on its public portal.
Cities are experimenting with new ways to reach constituents: e.g., walkshops, meetings in a box and pulse pad polling. Vancouver, British Columbia, Canada, got the highest attendance of any civic engagement effort in its history by holding a PechaKucha Night to get public input on environmental measures. The increased buy-in was especially pronounced among younger voters who might otherwise find civic affairs boring.
By teaching school board members about how a meeting management system can boost both security and transparency, you can build a compelling case that it’s time to increase board effectiveness with this powerful tool. At the same time, you will create an informed user group that is less likely to make insider mistakes, a danger even greater than that posed by nefarious characters from the outside (Cliff). Ignorance may be bliss, but the best school boards are singing a new tune: “Knowledge is power.”
Cliff, Gerald, “Growing Impact of Cybercrime in Local Government: Managers Face Uphill Battle,” Public Management June 2017, p. 7.
NSBA 2017 School Board Survey.