The Information Commissioner's Office recommends the use of encryption software to prevent data leaks. To aid this, schools should look towards specialists for examples of best practise and guidance on how to factor encryption into their wider security practises. Encryption specialists recommend the use of file and email encryption, as well as full disk and removable media encryption. This extends to the encryption of portable devices, such as laptops and iPads, and portable storage media, for example, USBs, CDs and DVDs. Secure shredding – the deletion of old data no longer required by an organisation – should also be considered with the lifecycle of data also in mind, and the ability to scale also ensures security no matter how many devices join the network.
When choosing where to store a device's data, security must be kept in mind. All too often it is lapse-minded employees accidentally leaving devices in public that represent the biggest risk. The ultimate aim of any school’s IT policy should be to create a ‘security aware’ staff and student body. Both groups need to be conscious of the security risks they’re exposed to, how to defend against them, and to feel empowered to intelligently respond. The growing trend for ‘digital schooling’ - whereby tablets function as a key tool in lessons and for homework and further study - means that a firm IT security strategy needs to also be communicated beyond the staff body and practised by all members of a school’s community.
Research by ESET UK into the attitudes of young people towards cyber security conducted earlier this year, suggests 50 percent of those aged 9 to 16 have had no formal internet safety teaching in school. With human error - often the downfall of any security plan - these blind spots in basic cyber education need to be addressed as a priority to ensure a culture of cyber-awareness is fostered in children from a young age.
With Ofsted ratings at risk, the prevention of access to confidential information should be a key focus of any school’s IT security team. Encryption, coupled with education, represents a simple yet effective solution. Low system requirements and minimal maintenance ensures its benefits are experienced by all users. It only takes one theft or loss of a single device to put a network and data concerning pupils at risk. Through encryption, the risk of non-compliance is greatly reduced.
Photo credit: M_Thierry - image has been edited