Technology itself obviously has a part to play in protecting the very young people that its reach and availability has seemed to place at risk; but there is no silver bullet here. The human factor is key, and good e-safety is also about awareness and behaviour. It is vital to strike a balance between using the best technologies to protect users and monitor what is going on, and best practice, in respect of leadership, policies, management and training.
The UK Council for Child Internet Safety puts it superbly:
“…while young people’s ‘offline’ and ‘online’ worlds are often merging, the behaviours and safeguards of the ‘real’ world are not always applied in a ‘virtual’ world where friends can be added at the click of button and information shared in an instant.”
The requirements have grown, and teachers and schools face a number of new challenges. Helpfully, there is plenty of advice available from a range of sources out there about their responsibilities and the best ways of meeting them.
The most important starting point is to understand that when we talk about e-safety we are talking about a school’s ability to:
- Protect its pupils and staff whilst they are using technology.
- Educate all its stakeholders about safe practice in their use of technology.
- Intervene and support, where appropriate, when any incident occurs.
Risks can come in the form of:
- Content: Being exposed to illegal, inappropriate or harmful material.
- Contact: Being subjected to harmful technology based interaction with other users.
- Conduct: Personal online behaviour that increases the likelihood of, or causes, harm.
Many schools default to relying on increasingly restrictive approaches and technology ‘tools’ to prevent these risks from occurring, yet Ofsted has shown that excessively ‘locked down’ systems can put students at more risk than more lightly ‘managed’ ones. This is because, in the former, pupils are not given enough opportunities to learn how to assess and manage e-safety issues for themselves. However, the less ‘locked down’ a system is, the more important it is that the technology solutions support leadership and governance across the school.
From a policy perspective, schools should have fully reviewed and regularly updated e-safety/safeguarding/acceptable-use and other relevant policies. These should be clearly stated and articulated often – and should apply to all people on the school site, including governors, visitors, parents, teaching and non-teaching staff and pupils. Policies should be fully risk tested and, particularly in the case of pupils, there should be mechanisms in place to ensure that rules are understood correctly.
Beyond that, while Ofsted has explained what it considers ‘outstanding’ in terms of e-safety, and there are several priorities that stand out, other organisations like Regional Broadband Consortia (sometimes called ‘Grids for Learning’) have published advice and even ‘diagnostic’ tools to help schools assess their e-safety arrangements. All agree that all stakeholders should share responsibility for e-safety, not just management or IT staff – senior leaders, governors, teachers and families should work together to ensure that children are safe, and that all forums, from PSHE classes to assemblies to the wider curriculum, should be used to discuss and reinforce key messages around e-safety.
To support such ‘best practice’ policy and leadership, a strong technology solution is needed, and expert assistance from a technology partner is crucial too. Every school has different needs, so there is not a single off-the-shelf solution that is the best option for everyone. However, to keep pupils safe – and in order to avoid ‘locking down’ too forcefully, I believe that schools should look at including the following in any technology solution for e-safety:
- Filtering, with a ‘scan ahead’ solution which displays ‘cues’ on pages returned showing the user which are allowed, blocked etc – but it should be carefully selected and managed. Too restrictive and pupils will attempt to bypass it on a regular basis, undermining the system, and staff will find it a barrier to teaching and learning - so granular controls are essential. Not restrictive enough and it is not worth having the system in the first place.
- Enforcement and alerting software should be installed across the entire IT estate. Email filtering may miss a message like ‘I’ll kill you’, but it would be picked up by a screen monitoring enforcement product. A screenshot would then be available to IT staff, informing the organisation of what was sent, who was involved and when the incident took place.
- Proxy bypass protection solves most common filter avoidance techniques. Although you’ll never successfully entirely prevent access to content you’d rather not have pupils accessing, good proxy bypass solutions should minimise the risk.
- Regular penetration testing of all solutions should be required – pupils and staff will always try and subvert any restrictions in place, and will very quickly learn what ‘managed’ solutions are in place and how they operate. It is vital to understand where key vulnerabilities are and how users will try to avoid these systems.
How do you handle such e-safety concerns in your school? Let us know in the comments.