Cyberthreats: 10 things schools need to know

David Booth

David Booth is Managing Director of IASME Ltd, which provides security advice and certification for small businesses and the Government.

Website: Email This email address is being protected from spambots. You need JavaScript enabled to view it.

Getting computer security right in a school is much trickier than doing so in a business. How much money can you spend? How much time can you devote to the problem? Should you have a regime in which you enforce, or merely guide? How do you win the cooperation of parents, principals and students? Security expert David Booth discusses the principles of information security for schools.

[As seen in the June 2014 edition of our magazine]

1. Understand Your Risk

Identify your most sensitive information and mark documents containing this data clearly as “confidential” or similar. Decide who is responsible for managing the risk. Work out how much risk you face and how much risk you want to take. Allocate security responsibilities clearly to other staff and ensure staff understand the importance of working securely.

"Limit who knows the password to those who REALLY need to know."

2. Teach Good Practices

Remind staff regularly about good security practices, especially when the risk or the policy changes. If you use social media, you should ensure that all staff know that no sensitive material should be disclosed and that users behave responsibly while using it, bearing in mind that they directly or indirectly represent the school.

3. Protect your Network and Devices

Make sure that any router supplied by the Internet Service Provider (ISP) has a firewall built in and make sure it’s operational. Limit who knows the password to those who REALLY need to know.Install modern proprietary security software from mainstream suppliers like Symantec, Sophos or Kaspersky on your PC/MAC and laptops. Preferably use a suite of software which includes anti-virus, anti-spam, identity protection and other protection because they are generally easier to manage.

4. Manage IT Access

Don’t write passwords down or share them between users. Use different passwords for each application. Some security software providers offer password ‘vaults’ which allow complex passwords to be generated and then stored in an encrypted form, so you don’t have to remember them. Limit administrative privileges on your network and devices to those who really need them. They might be enabled when software is installed, so be careful.

5. Keep Your IT Up-To-Date

Document your IT assets so you know what you’ve got. IT assets will include hardware, software and even key IT staff.Install current software and operating system patches, firmware updates, etc. immediately when they are issued. Ensure all software is licenced.

6. Use of Removable Media

If you transfer data using CD, DVD, USB, SD or any type of flash memory drive:Only permit school issued and controlled devices in your systems. Issue, retrieve and track the devices - know where they all are, who has them and, ideally, what software is on each. Ensure they are encrypted and scanned for malware on each use. Many commercial anti-malware packages have the ability to scan removable media.

"Remember that all data stored in the cloud or processed using cloud-based applications is available to the bad guys."

7. Mobile Working

The use of mobile devices should require top-level approval. Such devices must, at a minimum, have:

• Anti-malware software installed and updated, daily.
• Pin, password or other authentication installed.
• Encryption, wherever possible.
• Capable of being remotely tracked and wiped.

8. Using the Cloud

Cloud computing can simplify your IT operations, but there are risks. Outages in service are no longer within your own ability to fix. Data leakages are no longer within your remit to control. Security policies are no longer necessarily yours to decide and to enforce. You cannot outsource or “cloudify” all aspects of computer security.Remember that all data stored in the cloud or processed using cloud-based applications is available to the bad guys. Where you use data storage, applications or other services which are provided by another business, you should choose one that has security which has been independently audited.

9. Incident Management and Business Continuity

Document any incident and decide what caused it, how much it costs to fix and whether there is anything you could do better in future. You should ensure that you know what to do on the catastrophic failure of anything critical to your school, such as information, applications, systems or network. Don’t wait for an incident to try out the plan.

10. Further reading

The government has issued cyber security guidance for business most recently online, relating to basic elements of technical-cyber security.

Do you have any essential tips to add? Share them below!

Register for free to continue reading
Registration is a free and easy way to support us.
When you register, you'll join a grassroots community where you can:
• Enjoy unlimited access to articles
• Get recommendations tailored to your interests
• Attend virtual events with our leading contributors
Register Now

Latest stories

  • How to handle stress while teaching in a foreign country
    How to handle stress while teaching in a foreign country

    Teaching English in a foreign country is likely to be one of the most demanding experiences you'll ever have. It entails relocating to a new country, relocating to a new home, and beginning a new career, all of which are stressful in and of themselves, but now you're doing it all at once. And you'll have to converse in a strange language you may not understand.

  • Is Learning Fun for You, Teacher?
    Is Learning Fun for You, Teacher?

    Over the weekend, my family of five went to an Orlando theme park, and I decided we should really enjoy ourselves by purchasing an Unlimited Quick Queue pass. It was so worth the money! We rode every ride in the park at least twice, but one ride required us to ride down a rapidly flowing river, which quenched us with water. It was incredible that my two-year-old was laughing as well. We rode the Infinity Falls ride four times in one day—BEST DAY EVER for FAMILY FUN in the Sun! The entire experience was epic, full of energizing emotions and, most importantly, lots of smiles. What made this ride so cool was that the whole family could experience it together, the motions were on point, and the water was the icing on the cake. It had been a while since I had that type of fun, and I will never forget it.

  • Free recycling-themed resources for KS1 and KS2
    Free recycling-themed resources for KS1 and KS2

    The Action Pack is back for the start of the brand new school year, just in time for Recycle Week 2021 on 20 - 26 September, to empower pupils to make the world a better and more sustainable place. The free recycling-themed resources are designed for KS1 and KS2 and cover the topics of Art, English, PSHE, Science and Maths and have been created to easily fit into day-to-day lesson planning.

  • Inspire your pupils with Emma Raducanu
    Inspire your pupils with Emma Raducanu

    Following the exceptional performance from British breakthrough star Emma Raducanu, who captured her first Grand Slam at the US Open recently, Emmamania is already inspiring pupils aged 4 - 11 to get more involved in tennis - and LTA Youth, the flagship
    programme from The LTA, the governing body of tennis in Britain, has teachers across the country covered.

  • 5 ways to boost your school's eSafety
    5 ways to boost your school's eSafety

    eSafety is a term that constantly comes up in school communities, and with good reason. Students across the world are engaging with technology in ways that have never been seen before. This article addresses 5 beginning tips to help you boost your school’s eSafety. 

  • Tackling inequality in EdTech
    Tackling inequality in EdTech

    We have all been devastated by this pandemic that has swept the world in a matter of weeks. Schools have rapidly had to change the way they operate and be available for key workers' children. The inequalities that have long existed in communities and schools are now being amplified by the virus.

  • EdTech review & The Curriculum Lab
    EdTech review & The Curriculum Lab

    The world is catching up with a truth that we’ve championed at Learning Ladders for the last 5 years - that children’s learning outcomes are greatly improved by teachers, parents and learners working in partnership. 

  • Reducing primary to secondary transition stress
    Reducing primary to secondary transition stress

    As school leaders grapple with the near impossible mission to start bringing more students into schools from 1st June, there are hundreds of thousands of Year 6 pupils thinking anxiously about their move to secondary school.

  • Generation Z and online tutoring: natural bedfellows?
    Generation Z and online tutoring: natural bedfellows?

    The K-12 online tutoring market is booming around the world, with recent research estimating it to grow by 12% per year over the next five years, a USD $60bn increase. By breaking down geographic barriers and moving beyond the limits of local teaching expertise, online tutoring platforms are an especially valuable tool for those looking to supplement their studies in the developing world, and students globally are increasingly signing up to online tuition early on in their secondary education schooling. 

  • Employable young people or human robots?
    Employable young people or human robots?

    STEM skills have been a major focus in education for over a decade and more young people are taking science, technology, engineering, and maths subjects at university than ever before, according to statistics published by UCAS. The downside of this is that the UK is now facing a soft skills crisis and the modern world will also require children to develop strong social skills as the workplaces are transformed by technology. 

In order to make our website better for you, we use cookies!

Some firefox users may experience missing content, to fix this, click the shield in the top left and "disable tracking protection"