Subscribe to our free fortnightly newsletter and stay ahead with the latest news in edtech

Preparing for risk in the digital world

As schools become ever more reliant on technology, the risk of attacks on their cyber estate become more likely

Posted by Rebecca Paddick | August 22, 2016 | Primary

By Tilden Watson, Head of Education at Zurich Municipal 

Modern technology has brought obvious benefits to the education sector; interactive whiteboards are now commonplace, lessons can be taught remotely via webinar, and the internet presents students with a near-limitless library of information. Online learning resources can help students gain access to a range of educational tools outside the classroom, while allowing staff to monitor their progress remotely. 

But embracing technology also introduces new risks to consider, such as cyber-attacks and data loss. As schools become ever more reliant on technology, the risk of attacks on their cyber estate become more likely. Schools are also susceptible to accidental information loss or misuse and physical system failures. The more information that educational institutions hold and share online, the greater the risk of a data breach, whether accidental or malicious. Such risks need to be reflected in a school’s formal risk management strategy, especially as emerging and non-regulated risks like this can be easily overlooked.

Setting up robust technological defences is an important first step. This will typically include installing firewalls and regularly updating antivirus software; encrypting sensitive data; password-protecting memory sticks and laptops; encouraging users to choose strong passwords and carefully managing user or admin access. 

However, effective prevention is as much about processes and education, and it would be a mistake to think that we can only fight technology with technology. Schools should take steps to educate staff and students on cyber dangers, such as malware, phishing scams and email attacks. Developing the skills to recognise threats and stay secure must become part of everyone’s job, led from the top. This is a school’s most potent weapon against cyber criminals. 

Data breaches can be also be due to human error. A number of schools and colleges have been investigated by the ICO in recent years after student details, including home addresses and phone numbers, were inadvertently made accessible to the public. Organisations can face fines of up to £500,000 or even criminal charges for serious breaches of the Data Protection Act. Schools should consider not just whether data protection training is available to staff, but whether it is mandatory.

Even with stringent security measures, it is impossible to completely eliminate risk. Schools should therefore establish a robust response plan, undertaking a detailed risk assessment before setting up disaster planning and strategies. 

Back-up strategies are the first critical part of this process. Backing up all data is probably not an option available to everyone due to expense, but saving all critical data on external servers or devices should be considered. Data policies should also include regular checks of capacity on back-up devices. Large amounts of data could be backed up overnight, and setting storage data limits for users can help alleviate space issues. 

But it’s only worth backing up data if you have the ability to restore the information should anything untoward happen. This information should be housed on a separate machine from the main server, or on tapes which need to be changed regularly, as these can become less reliable over time.

Restoration strategies are only likely to be successful, though, if staff are aware of procedures and the correct training is carried out. Roles and responsibilities should be clearly laid out. This should include details for the prompt notification of any data breaches to the wider staff and student community, along with steps they can take to reduce the risk of further breaches.

Some schools and colleges may ultimately face the costly task of having to upgrade their computer hardware, after discovering that their machines are slow, unreliable and not fit for purpose. Putting new servers in place may seem like an unwanted expense, but it could see management, maintenance and electricity costs all significantly reduced in the long-term, and ensure the risk of server failure is minimised.

Aside from risk around data and infrastructure, schools are also contending with the complex set of challenges posed by cyberbullying, stretching well beyond the playground and corridors. Technology is developing so quickly; it’s tough to know what the next platform or medium for abuse might be.

It’s not just students that are being targeted; teaching staff are also being harassed by online attacks from students – and by parents

It’s not just students that are being targeted; teaching staff are also being harassed by online attacks from students – and by parents. Head teachers cannot afford to allow this situation to continue, but evidence suggests that too many are failing to take firm action. According to the teachers’ union NASUWT, 40% of teachers who reported online abuse to school management said that no action was taken against students, whilst 55% said no action was taken against parents. Where abuse was reported to the police, more than three-quarters of teachers said no action was taken against either students or parents. 

Head teachers need to understand that they face more than just a moral obligation to protect staff. Schools can be held vicariously liable – when a blameless employer is liable in law for the acts of the blameworthy employee or student – if a sufficient link to either student or teacher cyber bullying can be made to the workplace. For example, the fact that abuse took place on school ICT facilities, during school time, on a school network, may be enough to bring a case.

There is a great deal that schools can do to demonstrate their commitment to stamping out cyber bulling and improve their risk management. Good insurers are able to offer essential help and advice on this ongoing defence. Zurich Municipal advises its customers to take a school-wide approach, setting out guidelines from day one. This approach should be consensual and collaborative, creating a dialogue with teachers, pupils and parents or carers. 

Protecting schools from the myriad risks posed by evolving technology ultimately comes down to robust risk management and planning. Despite the complexity of the issue, there are clearly proactive steps that schools can take to ensure they are helped, rather than hindered by technology.  

Subscribe to our free fortnightly newsletter and stay ahead with the latest news in edtech

Related stories

More chances for school kids to hold a meteorite, with STFC

Plymouth first to be IISP accredited under new scheme

Review roundtable: Simon Harbridge

Market place - view all

Arkivum

Arkivum provides data archiving services to a range of industries ...

Fujitsu

Fujitsu provide information technology solutions for businesses inc...

AVG

AVG Antivirus offers a range of products that are ideal for Educati...