The Office of the State Auditor (OSA) released a performance audit division brief concerning a Cybersecurity Audit. In their findings there came across an alarming number of students accessing pornography on their phones.
The OSA conducted a review of the school districts’ compliance with the Children’s Internet Protection Act, also known as the “Cybersecurity Audit” for the 2016-2017 school year. It gives the OSA authority to monitor publicly owned property of the state including laptops issued to students in public school districts.
The audit was to test the reliability of the security controls and make sure students were being protected from harmful and/or inappropriate material.
Schools are also required to have an Internet Safety Policy that provides blocks and filters to internet access and material.
The audit looked at 150 random devices and tested them accordingly. The devices came from 18 schools over 9 school districts. Out of those devices tested 30 of them showed evidence that students were able to access explicit content on their device. They also found that the districts filtering systems were not as effective when filtering content.
The nine districts did not enforce their Internet Safety and/or Acceptable Use Policies. The report showed that the districts do not seem to be adhering to their own policies.
Seven of the schools tested were middle schools, eleven were high schools. Of these schools tested, six middle schools students’ devices contained explicit material and nine high school devices did as well. That material included pornography.
The following recommendations were made by the OSA:
- The Mississippi Department of Education (MDE) should provide districts with alternative solutions to evaluate the effectiveness of their monitoring system;
- MDE should establish required uniform policies for all districts to follow regarding the installation of filtering packages and/or monitoring procedures;
- MDE should establish a mandatory policy requiring schools districts to monitor devices off school grounds;
- MDE should also establish substantial penalties for noncompliance;
- As students are issued publicly owned devices, schools districts should utilize best practices to ensure they are constituting “good faith” to comply with CIPA;
- School Districts should test and monitor their TPMs periodically to ensure the safety of all students;
- School Districts should have established detailed procedures showing how to implement safety protocols located within the district; and
- School Districts should provide community outreach to inform parents on ways to keep students safe while online.
The OSA will continue to monitor the school district’s compliance and report any discrepancies.
