How can a school safely and simply go about creating a solid e-safety policy? Expert Alan Mackenzie, the man behind Esafety Adviser, explains how to have a policy that is strong, clear and not overly-complicated.

Nobody enjoys writing, reviewing or reading policies, but it is a necessary evil. The e-Safety Policy is important in school for a number of reasons, including:

Given Charles Sweeney’s excellent piece about anonymous proxies in schools last week, we decided to revisit a pertinent article written by Alan Mackenzie, Managing Director at SafeICT Consultancy Ltd, from last year.

As published in the March 2013 edition of our magazine.

Debates about internet filtering in schools may never go away - at least not so long as pupils and teachers are prevented from accessing online curriculum resources, and draconian policies are pursued by local authorities or other education bodies. I have visited schools that block as many websites as they realistically can, so afraid are they of the risks to pupils. Ofsted itself frowns on this practice (although I have yet to visit a school that has been asked a question about how they manage internet filtering).

There are three very good reasons why we limit internet access in schools: to safeguard children, to protect the school against liability, and to ensure that pupils use the internet for the right purposes. For the first two of these, a filter - a piece of software that blocks pupils’ access to certain internet content - works reasonably well. Modern filters are relatively good at reducing access to illegal and inappropriate material, and are becoming more difficult to bypass.

When you’re in school, you want to defy boundaries, but those boundaries are generally put in place by school staff who know better. Policing how pupils use the internet without stifling their education can be difficult. On top of this, students can easily use proxies to access any site they wish, as Bloxx CEO Charles Sweeney points out.

The education sector has been quick to realise the potential of the Internet as a valuable and collaborative teaching aid. Certainly, the ability to interact with dynamic applications, collaborate with students from around the world and have guest speakers beamed into your classroom via video conferencing has changed education as we know it.

This can only be viewed as a good thing. Broadening children's horizons is key to developing a generation that will keep the UK at the forefront of economic developments, generate new business ideas that create jobs and nurture the talent that leads foreign companies to invest in Britain. But it also brings with it inherent security risks, and schools have a duty of care to protect children from any inappropriate or offensive online content. The ramifications of a five year old being exposed to inappropriate content over the school network has serious ramifications for the school.

In its recent revision of the guidelines for inspection, Ofsted stated schools must seek to protect and educate pupils and staff in their use of technology. This includes having the appropriate mechanisms in place to intervene and support any e-safety incidents. A school’s network infrastructure, and more importantly the data on it concerning pupils, staff and core admin functions, is arguably its key asset. As such, any e-safety plan needs to extend to the appropriate protection of confidential data.

Ofsted has stated that one indicator of inadequate performance is through unsecured personal data and leaving school websites without adequate encryption. If lost or stolen, the impact upon a school’s finances or reputation can be severe. So how should an adherence to compliance be addressed?

Developing an Acceptable Use Policy (AUP) for ICT should include usage of school-based equipment, both wired and wireless networks and infrastructures, for both BYOD and BYOA.

Establishing an overall policy framework for electronic communications should recognise the convergence of communications functions and services.

It should also clarify the applicability of law and other school policies such as data-protection, safe-guarding, health and safety and computer misuse.

In the few decades since the birth of the web we’ve moved from email to social networking to a breadth of online services, storing more and more of our personal information in the so called ‘cloud’.

The level of data out there is growing at an exponential rate. In a typical day last year, people sent more than 144 billion emails, shared more than 684,000 pieces of content on Facebook, and uploaded over 72 hours of video footage onto YouTube every single minute.

Security experts predicted that 2012 was going to be the year of the 'Smart Phone Hacker'.

In a published study (Edudemic 2012) authors Winconyk and Steele cited Fortinet security expert David Manky who said, "… like home or office personal computers, Smartphones are vulnerable to all kinds of attacks". This is also true of other personal mobile devices such as Androids and tablets.

Many young people own a Smartphone or Android device and are at risk of banking Trojans, Spyware and infected Apps without even realising it. The number of different types of malware increased to 4000 in 2011 which represented an increase of 8,500%! Warwick Ashford for Computer Weekly (March 2013) reported that, 'The number of new malware programmes targeting Android devices reached almost 140,000 by the end of 2012'. Staggering!

There can be little doubt that e-safety is an important part of the well-being and safeguarding of children, young people and vulnerable adults. There is also no doubt that there is a significant amount of scaremongering that does little to give schools confidence to move forward and innovate strategically with ICT across the curriculum.

E-safety is a journey; it is a sum of many parts which, combined, will allow schools to gain confidence and really drive forward. Generally speaking, these parts are:

We all know that keeping pupils safe is one of the most important things schools do. In terms of e-safety, Ofsted recently recognised the efforts schools and parents have gone to to improve e-safety practice, and gave credit to their hard work in protecting young people online. Therefore, when the new Ofsted Framework came into being in September 2012, some schools may not have noticed the changes to e-safety. In fact, I have spoken to many colleagues who were not aware there had been any changes at all.

This article is designed to explain some of the main changes to e-safety and point you in the direction of useful resources, should Ofsted come knocking on your door. However, I do acknowledge that many schools will want to ensure that their e-safety practice is up to date, regardless of Ofsted!

In today’s teaching world, we are all expected to be “digital natives” and to use all the tools available to enhance teaching and learning. We look to use all sorts of devices to help us communicate, to make life simpler, to be more efficient. We don’t use diaries any more but link our calendar of meetings to our phones or to Outlook. We don’t really need to talk to each other because email, Facebook and Twitter obviate the need for oral communication. We are starting to live in worlds that are hermetically sealed, as our work and social activities become increasingly electronic.

There’s nothing startlingly new in the above paragraph; but with all these new technologies come serious implications for safeguarding. Alarmingly, some teachers are blithely unaware of, or choose to ignore, situations that could cause untold damage to their careers.