Getting computer security right in a school is much trickier than doing so in a business. How much money can you spend? How much time can you devote to the problem? Should you have a regime in which you enforce, or merely guide? How do you win the cooperation of parents, principals and students? Security expert David Booth discusses the principles of information security for schools.
[As seen in the June 2014 edition of our magazine]
1. Understand Your Risk
Identify your most sensitive information and mark documents containing this data clearly as “confidential” or similar. Decide who is responsible for managing the risk. Work out how much risk you face and how much risk you want to take. Allocate security responsibilities clearly to other staff and ensure staff understand the importance of working securely.
Chances are, your school uses a large amount of internet-connected devices during its daily business. How best to go about ensuring that everyone using them stays e-safe? Charles Sweeney, CEO at Bloxx, gives his top tips for keeping yourself covered.
The rapid, pervasive and unrelenting nature of the internet’s impact on the curriculum means that schools and other educational establishments have had to rapidly understand this changing environment. Balancing the great potential of the web with its inherent risks isn’t easy. In fact, the latter can sometimes seem overwhelming. Understanding the cybersecurity ecosystem and how it works is vital to helping educators identify what steps they need to take to protect young people.
As published in the March 2013 edition of our magazine.
Debates about internet filtering in schools may never go away - at least not so long as pupils and teachers are prevented from accessing online curriculum resources, and draconian policies are pursued by local authorities or other education bodies. I have visited schools that block as many websites as they realistically can, so afraid are they of the risks to pupils. Ofsted itself frowns on this practice (although I have yet to visit a school that has been asked a question about how they manage internet filtering).
There are three very good reasons why we limit internet access in schools: to safeguard children, to protect the school against liability, and to ensure that pupils use the internet for the right purposes. For the first two of these, a filter - a piece of software that blocks pupils’ access to certain internet content - works reasonably well. Modern filters are relatively good at reducing access to illegal and inappropriate material, and are becoming more difficult to bypass.
There is no denying that digital technology is now part and parcel of our everyday lives and increasingly teachers are making use of it, not just as a personal management system, but as part of their everyday lessons. This is all good, of course, but there can be a rather piecemeal approach to digital technology in schools. There is an awful lot of good practice going on all over the country and still further afield; one look at Twitter tells me this. However, not all teachers realise the power and potential of digital technology.
What do you know about Phishing, Cookies, Worms and Trojans in a technological world? Do they still mean sitting out by the river waiting for a bite, biscuits, small garden slimy things or a person from ancient Troy?
The rise of online communication, financial management, social networking and education is expected to continue. As users of a whole host of technological appliances and devices, are you fully aware of potential threats and how vulnerable you may be? You hear the terms being spoken, but do you actually know what they mean? Most people place an enormous amount of trust in their devices, believing they are safe from viruses, hackers, etc., because they have created their own accounts and passwords. Technological advancement is leaving many adults behind, including some teaching staff, and they need to catch up. Growing up in an ever-changing world of technology, young people tend to be more adept at using devices and are familiar with a vast majority of terms, but do they actually know what they are, why they are so called and what the consequences may be? Whilst some of the consequences may simply be minor inconveniences, others can have catastrophic outcomes.
Protecting your school's IT systems, infrastructure, business and students' data is vitally important. School information is one of education's most valuable assets, and critical information such as financial data and student records can be very difficult to replace. Whilst data protection is paramount, network security goes far beyond that. Network security threats and challenges are becoming increasingly more sophisticated and difficult to analyse, having multiplied rapidly in recent years with the exponential growth of wireless and hand-held devices.
Although the internet has brought enormous benefits to schools and higher education establishments, the increase in access and usage, through a multitude of wired and wireless devices, puts immense pressure on schools’ IT systems. Growing opportunities and acceptance of students bringing their own devices to school will significantly increase this pressure. Adding to the complexity is the perpetual demand on ‘live’ social networking communication and access to information. With email viewed as one of the principle communication tools within schools, it is crucial that particular attention is paid to providing high levels of security. In order to find malicious content, this requires the network security system to work faster whilst not causing delays in time-sensitive traffic. To put the situation into perspective, the increase in numbers of educational network users and potentially harmful pieces of content are believed to be billions per minute per network, whereas, only a few years ago, users and threats could be counted in the thousands. Growth of this magnitude is likely to put interminable pressure on school security systems to adapt.