Education sector increases focus on cyber security

Chris Ross, SVP International at Barracuda, looks at how schools and colleges are working to prevent students from online threats

Earlier this year, we revisited the study of professionals responsible for technology within UK schools and colleges that we first carried out in early 2017. Aimed to help us to understand their top concerns when it came to safeguarding pupils, the results showed a considerable year-on-year difference. 

When asked about their number one concern, those responsible for technology in schools and colleges feel least equipped to deal with cyber bullying in 2018. A quarter of respondents (25%) cited this as their biggest concern, with last year’s biggest concern – radicalisation – dropping down to number two (20%).

So does this mean that UK schools have made significant progress in the last year in using technology to safeguard their pupils from radicalisation? Perhaps not, given that there has been an increase in the number of respondents lacking confidence in their organisation’s effective use of technology to implement the Government’s Prevent duty. This has risen from 9% in 2017 to 17% in 2018.

Back in 2015, Prevent was relaunched to help organisations, including schools and colleges, protect pupils from radicalisation and extremism. Three years on the clarity, knowledge and understanding of how to tackle safeguarding issues still seems to be lacking. One positive sign is the significant increase in the training of staff and pupils, with 43% saying that their organisation has invested in staff training around the Prevent duty – up from 19% in 2017 – and almost a third (30%) saying that their organisation has invested in pupil awareness – up from 25% last year. 

When asked about their number one concern, those responsible for technology in schools and colleges feel least equipped to deal with cyber bullying in 2018.

We discussed our findings with Dr Sangeet Bhullar, the founder of WISE KIDS, a non-profit company promoting innovative, positive and safe internet use. She said: “It is noteworthy that the number one issue that schools and colleges feel least equipped to deal with in 2018 is cyber bullying. It is important that we address the underlying issues that lead to young people becoming bullies, getting exploited, or becoming radicalised. Reducing access to dangerous and illegal content is key. However this is not enough. We also need to listen to and engage with young people and work with them to co-create solutions. We also need to help them develop their resilience and wellbeing, so that they feel supported, and able to deal with challenges online and offline.”

Tony Whelton, director of IT services and development at Wellington College, an independent school in Berkshire, also commented on the research: “Many of these findings ring true to me. While cyber security is relatively straightforward for companies – as the focus is on protecting assets and data – we’re in the business of educating young people, ready for their next journey in life. Enabling this securely while enforcing safeguarding procedures is one of our biggest challenges.

 “We’ve recently changed our approach to better protect the online wellbeing of our students. Traditionally, we used to protect students from malware and potentially harmful material by blocking content using categorisation. Now, we also use technology to analyse the data that is being accessed to help identify patterns. For example, viewing material on a subject of concern once or twice may represent someone being a bit curious. However, repeatedly searching for it could mean there is an area of concern.”

Cyber training gains prominence

Whilst awareness and investment in radicalisation may not have increased as much as we would have expected, one area that UK schools and colleges have focussed on is cyber security.

Just over a year on from the UK Government’s announcement that it would invest around £20m in cyber security lessons for schools in England, it’s clear that training of both staff and pupils is high on the agenda. In fact, more than half of respondents claimed that their organisation had invested in cyber security training for staff (56%), whilst training for pupils was being offered in 42% of organisations.

More than a quarter of organisations have also invested in cyber security insurance (28%), the same amount as have invested in technology to help identify and manage risk areas within the school or college in relation to terrorism. 

So why is cyber security so high on the UK education spending agenda?

This doesn’t really appear to be a reaction to having been attacked. Whilst 11% had been hit by a ransomware attack in the past twelve months, this becomes less significant when we learn that only 2% were forced into paying to release their data. 

Recent high-profile stories in the news have certainly played a part. Two thirds of the respondents (66%) claimed that their awareness had increased as a result.

When asked, 70% of those responsible for technology in schools and colleges said they now view cyber security as a necessity for their organisation.

When asked, 70% of those responsible for technology in schools and colleges said they now view cyber security as a necessity for their organisation. Of the remaining number, 18% know that they need it but feel that they don’t have either the resource or budget to implement.

Tony added: “Cyber security training can be tricky as it’s easy to switch off when your teacher talks to you about cyber risks. An effective approach that has engaged our students is using well-known YouTube vloggers as the educators – as they can give real life examples of cyber security issues at work. 

“Staff in education tend to be very trusting, so they do click links from people purporting to be their colleagues or ex-colleagues. This has happened to us, and ransomware ended up encrypting a staff member’s device. Luckily the data was easily recoverable thanks to us using Barracuda backup. However, I’m not surprised that 11% of schools have been hit by ransomware as this is a familiar story I’ve heard from quite a few schools.”

As colleges and schools in the UK continue to encourage and embrace the use of technology both in and out of the classroom, managing student safety continues to be of paramount importance. Yet the breadth of threats combined with the limited budget and resource available seems to be spreading IT departments too thin. Those responsible for technology need to ensure that they’re investing in the best tools and training to protect their students.