Putting cyber safety first in education
Adam Binks, CEO at SysGroup, discusses the need for cyber security provision in schools, and what education providers can do to keep their staff and students safe
Schools, colleges and universities are increasingly working online. Tablets and laptops are replacing textbooks, student data is being stored in the cloud, and teachers are turning to digital tools to educate and engage their pupils.
Even for the most seasoned IT professional, this poses a challenge. The combination of a user-base of digitally savvy students and teachers with raft of wired and wireless technology spread over a large campus arguably makes education one of the most testing environments for IT infrastructure.
Student and teacher safety is a must. Education providers need to take the appropriate steps to protect their data and ensure they are safe when using connected devices and WiFi networks. Aside from putting students at risk, failure to do this may lead to a financial loss, failed compliance or even collapsing Ofsted ratings.
However, a recent report by Ecclesiastical showed that one in five schools and colleges have fallen victim to cybercrime. So, why are so many schools so vulnerable, especially if they think they’ve got all their bases covered?
Across the board
In all tiers of education, students today are being brought up surrounded by technology and the internet, and therefore have extensive knowledge when it comes to the online world. Therefore, curious, knowledgeable students can often easily bypass firewalls to access websites which, unbeknown to them, may carry a virus and infiltrate the school’s IT network as a result. This is largely because students are used to a higher standard of technology at home and may seek unofficial workarounds that can compromise network security and governance.
If schools don’t implement efficient policies and network defences to protect themselves, they’ll simply make it easier for hackers to take advantage of weak entry points to retrieve sensitive data, such as phone numbers, home addresses, medical history, and bank details.
Another problem is that many educators only see the benefits that technology brings to the classroom – improved engagement, enhanced learning and increased pupil-teacher collaboration, to name a few. But with big opportunities comes big challenges, and many simply aren’t aware of the cyber security risks that come with it.
The reality is, technology offers significant opportunities in education, but it carries many risks as well.
In higher education, most colleges and universities have a Bring Your Own Device (BYOD) culture, where students can take their own laptops and tablets into lessons to complete assignments. However, there is a lack of consistency in how personal devices are secured, and the IT department often have next to no oversight of them in comparison to the school’s own. Hundreds of additional devices will put a strain on the network, and few educational institutes have the budget to invest in spare capacity to sit redundant just in case it’s needed.
Tackling the threat
There are many ways that schools and colleges can address these problems. Firstly, conducting a security assessment is critical for identifying where the security gaps in the network are, and working out the future allocation of funds to any necessary technology. All ways to carry out an assessment typically include reviewing the threats, identifying vulnerabilities and the worst-case scenarios.
Schools also need to establish suitable usage policies such as the Keeping Children Safe in Education (KCSiE) regulation; a child-centred approach to safeguarding impressionable children under the age of 18. This requires schools to do everything they can to limit a child’s exposure to risks from their IT system. As part of this regulation, schools must ensure that they have appropriate filters and monitoring systems to protect their pupil’s online safety.
While KCSiE only covers primary and secondary schools, it’s also crucial that colleges and universities have the right policies in place to equally govern their networks to protect their students and teachers.
Once the right regulations are implemented, educators need to adhere to them. Whether it’s an internal IT team or an outsourced managed IT provider, they need to monitor who, and what, is accessing their network. To do so, visibility tools that track and expose threats and identify user behaviour can be applied to achieve maximum visibility and compliance. This will help them filter and block inappropriate content, enable them to see if somebody is accessing the network that shouldn’t be and take the necessary action to prevent serious harm.
To implement a diligent IT security strategy, it might work in a school’s favour to bring in an expert managed service provider (MSP) from the outset. Not only will this take the strain off the school’s internal IT staff, but it will work as an extension of its institution to fill IT security gaps through managed service offerings.
Balancing the opportunity and the risk
The reality is, technology offers significant opportunities in education, but it carries many risks as well. For these to be minimised, everyone has a role to play and it’s critical that both students and teachers have the knowledge and tools to do so. They need to take the time to learn about online safety, what threats are out there, and what damage can be done if not policed properly – it’s not just down to a small group of IT professionals. In doing so, they can reap the rewards of a truly digital education experience, without exposing themselves to cyber threats.