Educating your employees

Why staff are your most valuable asset when it comes to data security

By Adam Winwood, Arden Group

Cybercrime is a real risk to the majority of organisations and not a week goes by without a news story highlighting another security breach where personal and sensitive data has been put at risk. This is no different for in the education sector where a security breach could seriously affect the reputation of a school and risk the safety of its students. Unfortunately, when it comes to protecting data within a school, it’s often the staff and students who are unknowingly compromising security. Adam Winwood of Arden Group outlines how hackers can access secure data, the steps to take to enhance protection and how training for both staff and students can help to minimise the threat of an attack.

While cybercrime may be considered to be an issue that only affects the corporate world, data protection applies to any organisation which stores personal information, particularly schools which hold the details of thousands of current and past students. Schools store some of the most sensitive data that is available in relation to race, ethnicity, physical or mental health, sexuality and criminal offences, as well as personal data such as employee payroll details, home address and contact numbers. Schools have a duty of care to their students and this should extend to protecting their personal information.

Take unsecured Wi-Fi as one example of a weak point. Many schools favour the low maintenance and ease of an open connection, however this can provide an ideal portal for cybercriminals to gain access to the entire school network. Phishing scams are also rife within the education industry and are becoming more sophisticated with hackers ‘befriending’ individuals in order to share an infected link.

When it comes to the identity of the hacker, it’s not always the stereotypical ‘criminal hacker’ either, in fact students themselves can be the biggest threat to a school’s cyber security

When it comes to the identity of the hacker, it’s not always the stereotypical ‘criminal hacker’ either, in fact students themselves can be the biggest threat to a school’s cyber security. Whether it’s for kudos among their classmates, boredom or even to extend a deadline, students can pose a very real risk to data security. Just last year, students hacked into the email account of their teacher to access the answers to an exam in order to prepare, and this isn’t an isolated incident. 

The first steps towards cyber security should be ensuring appropriate software is in place. Up-to-date anti-virus protection should be installed on the end points, gateways and servers, with Software as a Service (SaaS) packages in place to guarantee the network is always up to date with the latest security features.

Educating teachers, administrative staff and students should be the next step and making sure they appreciate the ramifications of security breaches for themselves and the school. For staff and students alike, outlining the tell-tale signs of phishing scams in emails such as typos, incorrect terminology or uncommon email addresses could help ensure rogue links won’t compromise the network security. Training on what can and can’t be downloaded via the Wi-Fi system is also recommended. 

Guidance for teachers should be centred on devices such as laptops and tablets which they regularly take from the school premises, and are potentially logging in from unsecured networks remotely. To prevent student hackers, it is advised that staff and teachers are trained on how to look out for suspicious online behaviour and resolve it before it becomes an issue. For extra protection, schools can create a separate network for students to work on, ensuring that sensitive or personal information stored on the main server can’t be accessed by unauthorised users.

When it comes to protecting data within a school, it’s advised not to cut corners to reduce costs. Schools deal with sensitive data every day which means they are a target from student hackers right through to cybercriminals. For peace of mind, it’s recommended to seek help from an external specialist who can handle data protection, ensure all updates are in place and identify any issues before they result in a complete security breach.