The Importance of Data Security
As schools nationwide look to enhance safety measures, many are turning to visitor management systems to help create more secure entrances by identifying threats at the door. While moving to a digital solution has many advantages, some schools may be leery of moving away from traditional methods like pen-and-paper check-in sheets because of issues with how data is collected and secured. This is a legitimate concern as schools do not want to expose themselves to risk with a solution that does not have robust data security measures in place. However, there are solutions available that understand why data security needs to be just as important as the ability to detect potential threats. In this blog post, we’ll outline what schools should look for regarding data security when selecting a visitor management system.
Data Security Considerations
To quickly and accurately identify potential school threats, visitor management systems require guests to present a photo ID upon entry that can then be screened against national databases. Some visitor management solutions also offer additional features that help schools monitor potential threats, and plan for and respond to potential emergencies. All of this is sensitive data that can pose serious issues if unsecured. Ill-intentioned parties may gain access to information that allows them to circumvent security measures, expose vulnerabilities, and even steal identities by accessing personal information stored within an organization. To prevent this from happening at your school, while still being able to take advantage of the security benefits a visitor management system provides, here are some questions to consider while evaluating different solutions.
- How is data transferred? Data should be transferred securely using HTTPS (SSL connections) to and from all check-in devices, computers, and databases to the solution’s secured, monitored infrastructure.
- How is data stored? Data should be stored securely in encrypted databases, and high-risk PII (personal identifiable information) such as driver’s license numbers, street addresses, and more should be encrypted using AES encryption. All infrastructure logs should be encrypted, secured, and rotated with continuous access monitoring, meaning the vendor knows if the logs have been accessed, and logs may only be accessed by select internal infrastructure and security personnel.
- What’s publicly available? A secure visitor management solution should not have any publicly available documents, databases, customer-uploaded files, or API endpoints.
- What information is collected? No unnecessary information should be collected, and any unnecessary information that is sent is discarded. It should use only the minimum data for students, guardians, visitors, volunteers, and staff.
These should be the bare minimum requirements your school needs to ensure it is selecting a secure solution. But how does this translate into an actual visitor management tool?
How Visitor Aware Secures Data
- Never collects or uses student photos
- Never collects or uses student social security numbers
- Never collects or stores behavioral health notes, student risk assessments, health records, documents, or other information
- Has no PII in document storage for any reason, on any server
- Uses AES256 encryption for visitor photographs. Only the most recent photo is stored, and at each new visit, the previous photo is securely destroyed.
- Does not store any information on check-in devices such as iPad kiosks or web-kiosks, and all visit/visitor information is completely destroyed after each visit.
Schools can have confidence that they are implementing a solution that provides vigorous visitor verification and secures the data it uses to do so. With additional features for managing students, safety drills, and busing, Visitor Aware offers schools a complete and secure solution for enhancing the safety of students and staff. Visit our Schools & Districts page for more information.