The Office of the State Auditor (OSA) has discovered explicit material on school computers in a follow-up to a review called the Children’s Internet Protection Act (CIPA) Compliance Review that was issued in 2017.
In the 2017 review, OSA surveyed 18 schools throughout nine randomly selected districts to see if their Internet Safety Policies (ISPs) and Technology Protection Measures (TPMs) fulfilled CIPA requirements. The purpose of the review was to test the reliability of the district’s cybersecurity controls and the filters installed on devices issued to students in an attempt to protect students from harmful sites on the internet.
Unfortunately, it was discovered that students had access to explicit material on their school-issued devices. Of the 150 devices tested by OSA, 20 percent showed evidence that students were able to access illicit material.
While all nine school districts had written policies and technologies implemented to filter student-issued devices, they were deemed ineffective. This led to the OSA’s issuance of the Cybersecurity Best Practices document for school districts.
OSA recently conducted a follow-up review to evaluate how each Mississippi district had enforced the recommended cybersecurity protocols.
The review concluded that the majority of school districts are generally complying with CIPA regulations. 94 percent of school districts adopted an ISP and 80 percent of school districts showed that they have a TPM in place. 91 percent had set all of their school-issued devices to “Safe Search” mode per CIPA recommendations.
Nevertheless, these precautions proved to be unsuccessful when not properly administered.
81 percent of school districts were unable to show sufficient evidence that ISP policies were enforced when devices were not on school property. Fewer than half of the districts were alerted when inappropriate online activities took place on school-issued devices. Only 36 percent of districts have held public discussions on CIPA policies for their schools.
In addition, while 59 percent of school districts tested and monitored TPMs in place, only 17 percent of districts were able to provide sufficient evidence showing that they randomly checked school-issued devices for unusual activity.
“The bottom line from this report is that many school districts comply with the minimum legal standards, but those minimum standards are not enough to guarantee student safety,” Auditor Shad White said. “We still see students able to access pornography, discuss illegal activity, and plan self-harm using state-issued devices.”
As a result of these findings, the Government Accountability Division is contemplating revisiting these risk areas to ensure that appropriate action is taken in the future.