Anybody living in the public spotlight faces critics who actively seek missteps while often ignoring moments of excellence. After connecting deeply with children at a school outside London, Michelle Obama was surprised to learn the news that the visit had been little more than an epic fashion fail on her part. Constantly scrutinized, school boards must be on their best behavior at all times. By adopting the following best practices for board governance, they can meet the uncommonly high standards that they inevitably face.
Don’t Skimp on Security
Nothing spells shoddy governance like a data breach, and school boards’ public-facing websites are virtual click bait for hackers. Ransomware rings like Samsam seek targets for whom their hijacking of data would compromise vital services – and who can also access the $51,000 that is their average ransom demand. Identity thieves know that enticing emails will get a few rubes to click, thereby giving the hackers insider access to all the personal identifying information stored on the district’s network. Inadequately protected sites are low-hanging fruit for cybercriminals. For a school board, fortifying defenses is a necessity, not a luxury. Following these best practices keeps you a step ahead of nefarious actors:
- Keep district documents under lock and key. Popular file-sharing sites like Google Docs jeopardize data security. First, their materials are stored on the cloud, which even average hackers can penetrate. Second, they provide no encryption or low (128-bit) encryption. The gold standard for data safety is storage on a private, cloud-based server that offers full, robust 256-bit encryption – which the best board portals provide. Top portals additionally offer group editing features that leave other techniques in the dust. Synchronous updating instantaneously refreshes the view of all parties when a member alters a shared draft, and automatic stamping of dates and contributors even keeps track of who-said-what-when as edits accumulate.
- Contain Proliferation. Say you wanted to get your hands on information in district documents used by the school board. You would seek out boards that let the documents spread beyond the board members. You would also look for boards that don’t care if documents are downloaded onto devices with low levels of hardware security.
To keep crooks at bay, protect your data by keeping board business on the secure board portal and only on the secure board portal. Integral to that project is a policy that forbids anyone from downloading board documents onto personal devices like tablets, laptops, and phones. Once materials leave any central repository, the genie is out of the bottle. From there, they can travel far and wide without a trace. A secure portal prevents that dystopic calamity.
- Move from paper-based to digital board materials. Properly secured digitized documents can be contained far more effectively than paper copies can. In a 2017 NSBA/Diligent survey of 428 school board members from a representative sampling of districts, only 22% of respondents knew that digitization (if done securely) increases the security of their information. Paper copies, after all, can be lost or stolen in restrooms, coffee shops, or planes. Someone can make copies of them and return the originals without leaving a trail.
- Ban board emails. Nearly all email lacks adequate data encryption, and email accounts provided by the district create a gateway through which hackers can access the entire network – grades, scandals, salaries and all. Moreover, if board members communicate about board business over email, it can legally constitute a “rolling quorum” that violates open meeting laws. State by state, laws are being written to forbid the practice.
- Find out the security level of present practices. A security audit lets you know about vulnerabilities in your system before they wreak havoc. The City of Atlanta assumed all was well with cybersecurity – until hackers created a two-million-dollar nightmare for them. They’d needed a wake-up call but had no way of receiving one; cybersecurity had been a relatively low priority. An expert analysis of gaps in the system would have armed them with the knowledge they needed.
Still, security audits are not even on the radar of the average school board. The NSBA survey posed the question: “Has your board conducted a security audit of communications?” A full 51% of respondents had no idea if their board had done so. Another 31% knew that they had not had such an audit. To get the job done right, beware false prophets: security audits should be conducted by a high-ranking technology officer from IS or IT, an outside consultant, or someone from the Audit Committee or Risk Committee.
- Train board members. Even if nobody on a school board speaks quizzically of “the interweb,” chances are that most of the board still doesn’t know how to use information technology safely. No amount of hardware or software will protect data if that’s the case. Human error accounts for an overwhelming majority of data breaches. The best practice for good governance is to conduct cybersecurity training by experts at four board meetings a year, with quick tabletop exercises at all meetings to reinforce the lessons learned.
Make Transparency Above Reproach
Any hint of secrecy erodes the public trust of constituents. Making non-confidential documents absurdly easy to find goes far to quell suspicions. The same software that creates a board portal makes it possible to post publicly the following materials:
- Meeting notices and agendas. Most Americans spend a large chunk of their day online. Few Americans stroll past public buildings each day to check out the bulletin boards. Younger constituents in particular are more likely to see an online announcement of an upcoming meeting. What’s more, a board portal lets the public read any background material that is not confidential: a simple click can send them to links to policies and articles relevant to an upcoming meeting. Moreover, electronic meeting announcements also make materials accessible to citizens handicapped by immobility or social anxiety.
- Meeting minutes and footage. Board portal software allows a school board to post minutes of a meeting right next to the agenda for that meeting. The best such software even makes it easy to integrate the board’s own video footage of the meeting.
- Make historical records accessible and searchable. Researchers typically beg to see pubic records. They may even have to produce a police warrant or a subpoena. Is it any wonder that the public suspects someone is hiding something? Volunteering user-friendly public records without even being asked sets a different tone entirely.
The best board portal software makes it possible. Online archives containing policies, minutes, maps, spreadsheets, and other historical documents make them easier to find than they are if they’re stored in a vault. The right portal even makes such materials searchable. A meta-search by keyword pulls up every single instance of its usage – scanning all the files in all the formats at once.
Make Public Meetings Productive
Parks and Recreation attracted so many viewers because it so accurately and comically captured the wide gap separating theory from practice in meetings that are open to the public. While the board chairman may have planned a detailed discussion of the costs and benefits of a proposed program – building a new stadium, say – the meeting might well devolve quickly into a shouting match when one teary-eyed veteran recounts all that the football team meant to him as a teenager. Without a plan, chaos erupts and a discussion of costs and benefits is unthinkable.
Preventing this familiar catastrophe lets attendees know that you value their time – and that you’re capable of getting things done. The key is creating structures in advance. If you consistently follow Robert’s Rules of Order, everybody knows that one person at a time “has the floor” and that the chairman is the traffic cop. With that expectation established, the chair can redirect the meeting to business without appearing to have a vendetta against the veteran. “Mariah has the floor,” he could say. If speakers routinely must honor time limits (by registering for time in advance, say, through the online portal), it paves the way for the chairperson to state calmly, “Your time is up. Next speaker!”
Prevent Breaches of Confidentiality
All these techniques for bolstering openness and transparency create new concerns. A school board member sees exceedingly sensitive information. She certainly doesn’t want the “he said-she said” transcript of a personnel dispute to get into the wrong hands. The law also obligates her to maintain its privacy. Why put materials online then?
The right board portal keeps only the right versions of the right documents easy for the public to find. Software that provides role-based authorization consistently keeps detailed accounts of delicate material accessible to board members and board members only. When non-authorized users click the same tab on the portal, they see only a scrubbed version of the same document. Because it’s hard coded, there’s no chance of an accident caused by human error.
Actively Include Disabled Constituents
We’ve seen that online posting of minutes, agendas, other documents, and videos opens the door to involvement for immobile and socially anxious constituents. The right portal also brings the district into ADA compliance by taking care of the myriad requirements governing the online presence of public institutions.
If citizens with disabilities still can’t attend meetings, though, are they really “participating”? A board portal can facilitate alternative means of two-way communication for them. There could be designated hours to “chat” online with school board members. Or 24/7 online feedback forms with the promise of a response within a designated time.
Board governance best practices make any district more effective. These measures keep confidential information safe while maximizing transparency and access. Trust, community engagement, and voluntarism naturally ensue.