10 steps to protect your school against cyberthreats

Alan Mackenzie

E-Safety has been a passion of Alan Mackenzie’s for a long time. He loves technology and the huge benefits that can be realised through global connectivity and collaboration, and is a strong believer that e-safety is an enabler, not a showstopper.

Alan became a CEOP ambassador in 2006, “which was a great starting point, but there is far more to e-safety; the world is changing and technology is diversifying at an extraordinary rate”. He works with hundreds of schools and other organisations including the Police, voluntary and charity sectors, and also with commercial entities, allowing him to keep at the frontline of this ever-evolving area.

Follow @esafetyadviser

Website: www.esafety-adviser.com Email This email address is being protected from spambots. You need JavaScript enabled to view it.

With 30th November marking Computer Security Day, it’s important for schools to know how to fully secure themselves against cyber-threats. Alan Mackenzie, a veteran e-safety consultant, talks us through the top 10 points school staff need to consider when it comes to staying e-safe.

Security has been a hot topic this last couple of weeks, with the most reported story being that of the website hosting live webcam streams of hundreds of devices whose account details had been hacked. The word ‘hacked’ is misleading in this respect, as it suggests a certain amount of effort by the perpetrators, however one could assume that many (all?) of those devices had been left at their default settings, including username and password.

Schools have a huge amount of data that needs to be kept secure, including: personal information (as defined under the Data Protection Act 1998), sensitive information, contractual and financial information, and more. For this reason it is imperative that the security and integrity of the network and data is second to none.

With that said, we also have to realize that the large majority of schools are already within a secure ‘walled garden’. For example, you may still be a part of a broadband consortia (or grid) such as embc / emPSN, SWGfL, e2BN, which is provisioned by your local authority and a significant amount of security work is done in the background on your behalf, such as the hugely-important firewalls and email spam filters.

Here’s a useless fact for you. Many of us dread opening up our email, willing the Inbox to stop filling up. I often speak to headteachers who are having to deal with 100-200 emails a day. When I worked at a local authority an average of 94% of all email was being prevented from getting to user accounts due to being spam, containing a virus etc. Horrifying when you think about it, but just goes to show how important those email filters are.

So here’s a brief introduction to a few things you may like to consider over a period of time.

1. Router

Whilst you may reside within a walled garden, the router is still the front door to your school and is therefore a potential vulnerability. I know from first-hand experience that routers have been set up in schools (by the broadband provider) with either the default manufacturer’s login details or the same login details across multiple schools. Whilst you wouldn’t be expected to know, for your own peace of mind contact your broadband provider and ask for their assurance that the default login credentials have been removed.

2. Server

As the router is the front door, your server is your data hub, and the Administrator access to the server gives access to every snippet of that data. The only persons that should require access to the server (or an Administrator access account) is your IT support. Everybody else should only have access to the particular data they need, ie MIS, financial records etc.

3. Wireless Network

Becoming ever more popular due to a huge increase of mobile devices used in school, wireless networks are a particular vulnerability. However, these can be set up so that they are very secure; for example, only ‘known’ devices can connect. This is sometimes done using the unique identity of the hardware, a little like a fingerprint, known as the MAC address. As with nearly all connected hardware, the most important line of defence (because it’s usually the first line of defence) is the complexity of the password. Ensure your wireless connectivity requires a very strong password and the wireless access points have had their default credentials removed.

4. Devices

Knowing what devices are (or can be) attached to your network is an important security step. For the most part you’ll already know, such as your printers, PC’s and laptops, but what about all of those portable devices? As mobile technology is used more and more it adds extra layers of vulnerability not only from a security perspective, but also from a data integrity perspective.

For example:

  • Do you allow staff to use their own personal devices? If so, have these devices been checked for up-to-date antivirus? Have the apps on those devices been checked to ensure there are no data leaks? 
  • Do you allow USB pendrives or backup drives? Are these virus-scanned when the device is attached to the network?
  • Do you have CCTV in school? Can this be accessed remotely outside of school? If so, who by?

5. Antivirus

Ensure all of your devices (where possible) have appropriate and up-to-date antivirus software that includes email scanning. The antivirus software should be set to schedule frequent updates. I have seen it before where a school had very good antivirus in place, but it hadn’t been set to update (by their IT support company). An email was received within the school that turned out to have an attachment which contained a virus. This virus spread so quickly and generated such a huge amount of data that was leaving the school broadband connection, it had a massive knock-on effect to the broadband of a quarter of schools within the county (affecting just under 100 schools). Luckily, the broadband provider had good resilience in place, so the knock-on effect was short-lived.

6. Passwords

Despite massive advances in technology, we are still reliant on the password for much of our data security, yet equally it is still one of the weakest and most frustrating aspects. Many people will have to juggle dozens of passwords for combined personal and professional use, and annual research clearly shows the same weak passwords being used over and over again. Although a frustration, for the moment it is still an absolute necessity. Ensure your school has a password policy in place which should include requirements such as:

  • How often passwords need to be changed. The industry standard is normally one to two months, but schools commonly have termly changes in place. Children also need passwords, but clearly these need to be age appropriate.
  • Old passwords cannot be re-used (commonly the last eight).
  • They must be at least eight characters in length, and a combination of upper/lower characters and punctuation.

7. Encryption

This cannot be over-stressed. Encryption should not be a ‘nice to have’ it should be a mandatory requirement. Understandably there’s a lot of confusion about encryption and what it is, but simply speaking it is a method of scrambling information so that it is completely unintelligible and can only be unlocked by the use of a ‘key’. If this sounds complicated, it is, but not to the user! Encryption is incredibly simple (and cheap) to apply to the data in your school, for example on newer versions of Microsoft Windows you’ve got BitLocker, and on the Apple Mac you’ve got Filevault. These are an integral part of the software but are turned off by default. Similarly, if staff take work home with them, encrypted USB pendrives are very cheap these days.

8. Cloud

Cloud storage simply refers to data that isn’t stored on your own site or server. For example, you may use a VLE or MIS that is provided by a third party; you may use one of the more popular online file storage services such as Dropbox or Google docs. For this reason, storage of data in the cloud is a massive subject in its own right, but in the context of this article there are two important points:

  • What data is being stored? For example, is it just curriculum work, or is it more sensitive data? Cloud storage providers will have very strict and complex data security processes in place, after all their business relies on the security and integrity of the data.
  • Where is the data stored? Is it inside or outside the EU? The European Union has very strict data compliance requirements, other countries outside of the EU may not.

9. Backups

If something goes horribly wrong, and believe me, it does happen, your backups are potentially all you’ve got. Does your IT support have a backup process which would include:

  • Full backups of all data.
  • Regular incremental backups.
  • Are backups kept on or off-site, and are they stored somewhere that is fire/waterproof and secure?
  • Are regular checks made to ensure the backups are working correctly?

10. Data Protection

Most of the above is about protecting our information regardless of what it is, but don’t forget there are statutory requirements such as the Data Protection Act 1998. For example any loss of personal data has to be reported to the Information Commissioner’s Office, and it is possible that there will be an investigation. Consider the data you’ve got on site; does it need to be protected in some way? Just because it is kept behind locked doors doesn’t mean it’s safe. The weeks before Christmas always see an upsurge in burglaries for your nice, shiny, new iMacs and other attractive devices. Get that data encrypted, and don’t forget the cardinal rule: only keep data for as long as is necessary.

One of the most important facts to remember is that whilst there are always technical vulnerabilities, the weakest link of all is the human factor, particularly when it comes to requirements such as passwords. But, as frustrating as all of these things are, they are a necessity.

For most schools there will be nothing wrong whatsoever, but it’s worth asking the questions of your IT support just for your own assurance.

Does your school cover all of these points? Let us know in the comments.

Register for free to continue reading
Registration is a free and easy way to support us.
When you register, you'll join a grassroots community where you can:
• Enjoy unlimited access to articles
• Get recommendations tailored to your interests
• Attend virtual events with our leading contributors
Register Now

Latest stories

  • How to handle stress while teaching in a foreign country
    How to handle stress while teaching in a foreign country

    Teaching English in a foreign country is likely to be one of the most demanding experiences you'll ever have. It entails relocating to a new country, relocating to a new home, and beginning a new career, all of which are stressful in and of themselves, but now you're doing it all at once. And you'll have to converse in a strange language you may not understand.

  • Is Learning Fun for You, Teacher?
    Is Learning Fun for You, Teacher?

    Over the weekend, my family of five went to an Orlando theme park, and I decided we should really enjoy ourselves by purchasing an Unlimited Quick Queue pass. It was so worth the money! We rode every ride in the park at least twice, but one ride required us to ride down a rapidly flowing river, which quenched us with water. It was incredible that my two-year-old was laughing as well. We rode the Infinity Falls ride four times in one day—BEST DAY EVER for FAMILY FUN in the Sun! The entire experience was epic, full of energizing emotions and, most importantly, lots of smiles. What made this ride so cool was that the whole family could experience it together, the motions were on point, and the water was the icing on the cake. It had been a while since I had that type of fun, and I will never forget it.

  • Free recycling-themed resources for KS1 and KS2
    Free recycling-themed resources for KS1 and KS2

    The Action Pack is back for the start of the brand new school year, just in time for Recycle Week 2021 on 20 - 26 September, to empower pupils to make the world a better and more sustainable place. The free recycling-themed resources are designed for KS1 and KS2 and cover the topics of Art, English, PSHE, Science and Maths and have been created to easily fit into day-to-day lesson planning.

  • Inspire your pupils with Emma Raducanu
    Inspire your pupils with Emma Raducanu

    Following the exceptional performance from British breakthrough star Emma Raducanu, who captured her first Grand Slam at the US Open recently, Emmamania is already inspiring pupils aged 4 - 11 to get more involved in tennis - and LTA Youth, the flagship
    programme from The LTA, the governing body of tennis in Britain, has teachers across the country covered.

  • 5 ways to boost your school's eSafety
    5 ways to boost your school's eSafety

    eSafety is a term that constantly comes up in school communities, and with good reason. Students across the world are engaging with technology in ways that have never been seen before. This article addresses 5 beginning tips to help you boost your school’s eSafety. 

  • Tackling inequality in EdTech
    Tackling inequality in EdTech

    We have all been devastated by this pandemic that has swept the world in a matter of weeks. Schools have rapidly had to change the way they operate and be available for key workers' children. The inequalities that have long existed in communities and schools are now being amplified by the virus.

  • EdTech review & The Curriculum Lab
    EdTech review & The Curriculum Lab

    The world is catching up with a truth that we’ve championed at Learning Ladders for the last 5 years - that children’s learning outcomes are greatly improved by teachers, parents and learners working in partnership. 

  • Reducing primary to secondary transition stress
    Reducing primary to secondary transition stress

    As school leaders grapple with the near impossible mission to start bringing more students into schools from 1st June, there are hundreds of thousands of Year 6 pupils thinking anxiously about their move to secondary school.

  • Generation Z and online tutoring: natural bedfellows?
    Generation Z and online tutoring: natural bedfellows?

    The K-12 online tutoring market is booming around the world, with recent research estimating it to grow by 12% per year over the next five years, a USD $60bn increase. By breaking down geographic barriers and moving beyond the limits of local teaching expertise, online tutoring platforms are an especially valuable tool for those looking to supplement their studies in the developing world, and students globally are increasingly signing up to online tuition early on in their secondary education schooling. 

  • Employable young people or human robots?
    Employable young people or human robots?

    STEM skills have been a major focus in education for over a decade and more young people are taking science, technology, engineering, and maths subjects at university than ever before, according to statistics published by UCAS. The downside of this is that the UK is now facing a soft skills crisis and the modern world will also require children to develop strong social skills as the workplaces are transformed by technology. 

In order to make our website better for you, we use cookies!

Some firefox users may experience missing content, to fix this, click the shield in the top left and "disable tracking protection"