Updated: Nov 23, 2020
Nov 23rd: Schools are more than twice as vulnerable than other organizations when it comes to email security, according to research from a leading cybersecurity firm.
“It’s often the HR processes that create the vulnerabilities, not necessarily the IT or network security.”, says Rebecca Young, COO of SkoolSpot. “Hiring an international teacher requires the transfer of sensitive documents for a work permit and visa processing, usually transferred by email. It’s not secure. It’s not GDPR compliant.”
Read below for further updates on recent email phishing scams in International Education and to assess if your current teacher document processing is secure.
Nov 11th Update: Email phishing scams have recently targeted leading international education groups (COIS and AAIE) and their member schools. With email scams and identity theft up 33% in 2020, new teachers are likely to be targeted during the hiring and relocation process this recruitment season when sending personal visa documents.
Are your new-hire processes secure from the increased email phishing scams in 2021?
The arrival of the European Union’s GDPR (General Data Protection Regulation) in May of 2018, and other key pieces of legislation like California’s CCPA (California Consumer Privacy Act) in January of 2020, have spurred international schools into action to protect the data privacy of their communities. Most schools have strengthened IT infrastructure, enhanced network security protocols, and revised staff device policies - all with a primary focus - and rightfully so - on student safeguarding. This elevated focus on data protection has raised awareness of additional gaps in data protection efforts. They may not be where you think.
New-hire documents are highly sensitive
Over the coming months, new teachers will be providing the most highly sensitive data to school HR teams for visa processing - passports, diplomas, teaching licenses, criminal record checks, medical checks.
Over 80% of teachers expect schools to protect their personal documents with a platform like SkoolSpot
According to a recent study from the CRI, incidences of fraud, identity theft, and email scams have increased by 33% since the beginning of the pandemic. An internal SkoolSpot poll of recently relocated teachers show that over 80% of teachers expect schools to protect their personal documents and identity through a platform like SkoolSpot - wherever they are relocating.
3 critical questions to ask about your teachers' document security for 2020/21:
Q1: How do you receive new teacher documents?
Most schools request their new teachers to send documents via email. Given the ubiquity of email in our day to day lives, most of us will ask;
“Isn’t email secure?”
In short - No. While email itself may be secure, people are not. Therein lies much of the risk. Fully 30% of cybersecurity incidents are caused by people, primarily through email misdirection;
Email address misspellings - .com or .co.uk? McDonald or MacDonald, Mohammed or Muhammed?
Email address autocompletion - So convenient. So fast. So easy to email the wrong person.
In addition to the frequent email misdirection, email security also relies on the security of the receiver's network to ensure protection.
Conclusion: Requesting teachers to email sensitive personal documents puts their data privacy and identity at undue risk.
Q2: Where do you store documents?
New-hire documents often pass across multiple desks during the onboarding process at international school HR departments. With each step in the process, each set of eyes, and each transfer of ownership, the risk of breach of privacy increases.
The process for many international school is some variation of the following;
HR administrator asks new hires to email highly sensitive documents
Documents are received and downloaded to computer hard-drive
Documents are forwarded to other administrators in workflow and downloaded
Documents are printed for ‘last-mile’ processing at government offices
Processed documents are scanned and stored on hard drives
Processed documents are emailed to the new hire to complete visa processing
Let’s say a teacher drops out of the process, or a current teacher resigns, and you need to delete their documents; where are their documents that need to be deleted?
Conclusion: Highly sensitive documents need to be protected, centrally stored, and easily deleted if requested by the owner.
Q3: Who has access to the documents?
Teachers have a reasonable expectation that their highly sensitive visa documents will be subject to strong protection measures at their future place of employment. These measures extend beyond computer networks and include the authorization of approved staff. Ensuring that only authorized persons can access highly personal documents is an important control measure to be implemented by schools.
Conclusion: Ensuring that only approved members of a staff have access to highly personal documents is an important component of data protection measures.
Collect and Protect with SkoolSpot
SkoolSpot’s encrypted platform simplifies and secures the onboarding process of new teachers to international schools with key security features;
How does SkoolSpot help schools receive teacher documents?
No more emails with SkoolSpot's encrypted document upload for teachers and administrators. Teachers upload documents to your school-branded onboarding platform for your approved administrators securely receive, review, and approve.
How does SkoolSpot help store documents? No more multiple locations and copies. SkoolSpot's cloud-based storage provides schools with a single location to access and store teacher documents - wherever they are, wherever you are.
How does SkoolSpot help schools control access to documents?
Permissioned access and document approval functionality from SkoolSpot allow schools to control access to authorized staff members. Approval functionality allows administrators to accept/deny documents for approval and process management.
Not only does SkoolSpot's onboarding platform help schools with these 3 critical questions regarding teacher documentation, our document management functionality allows school heads to;
Track New-hire Progress
SkoolSpot’s Single Central Record (SCR) highlights the status of each teachers’ required documents allowing school heads to track the progress of their new hires.
Our customizable Single Central Record (SCR) allows leaders to identify, manage, and store the documents necessary to maintain your schools safeguarding protocol and standards for compliance, governance, accreditation, and licensure.
Learn more about how SkoolSpot can help protect your teachers and simplify your onboarding