If teaching staff are going to protect their students, themselves and their institution against modern-day threats, it’s vital that cyber awareness and online safety training takes place on a regular basis.
Within the statutory safeguarding requirements imposed on UK schools, government guidance states that “all staff should receive appropriate safeguarding and child protection training (including online safety)”.
This cyber awareness education needs to be received on an ongoing basis to provide staff with the relevant skills and knowledge around evolving threats, helping to create a culture that promotes safety in learning environments. This will also improve digital resilience and protect institutions from being exposed when new risks enter the online world.
This training is vital, but all too often it isn’t happening. A recent report highlighted that 41% of UK school staff say they haven’t received any online safety training. This mirrors the conversations I’ve been having in schools recently – with many also not knowing that this cyber awareness training was now an expectation.
This is worrying, as the implications of this failure to educate teachers can be devastating. It can impact institutions financially, reputationally and in terms of productivity, by denying students and teachers access to learning tools via the internet.
By providing regular awareness training, however, institutions can empower their staff. They will be able to act confidently, knowing they are following internet safety best practice, and spot the signs of a possible attack and potential threats – such as phishing attacks and malicious downloads.
This is especially important where remote learning is taking place or when people and devices are not on site (within the ‘safe’ school environment) and defences are weaker.
Ensuring these programmes are taking place can be a challenge though, especially for educational institutions that don’t have the time or resources to implement a comprehensive cybersecurity plan. All too often school IT managers are consumed by day-to-day tasks, sorting new laptops or troubleshooting WiFi issues, and they are unable to take responsibility for implementing a wider education strategy.
If this is the case, schools should consider implementing the following steps to ensure they are building basic cyber resilience.
- Encourage strong passwords: the need for strong passwords remains crucial. It can be easy for cybercriminals to access data about individuals, so it’s sensible to avoid using obvious personal information as the basis of a password. It’s also important to use different passwords for different accounts. We recently carried out a security audit at a school where a member of staff was using the same or similar passwords for 50 different accounts! If a hacker cracked one, they would have access to everything.
- Two-step authentication: activating two-step authentication is a simple way to create a ‘belt and braces’ approach to security. This extra hurdle will make life much harder for nefarious actors. Users will need to enter both their password and a security code, usually sent to a mobile device, to gain access. The most popular cloud apps, including Dropbox and Outlook360, have this built in for free – it just needs institutions to switch it on.
- Software and device updates: passwords aren’t the only gateway for potential attacks. Devices can become vulnerable if they are not kept up to date. So, ask yourself: is the latest version of antivirus and antimalware running on your devices? Is the firewall active? These things should be checked on a regular basis. All too often, however, checks on devices, in particular those used remotely, are neglected.
It would also be a good idea to assign a dedicated person to work with a cybersecurity specialist or third-party partner to deliver awareness training – and make sure these education programmes take place on a regular basis.
These steps will protect students and staff – giving them what they need to stay safe. They will also reduce the risk to institutions and ensure they remain resilient to constantly evolving online threats.