Secure savings

Nicola Yeeles looks at how you can ensure your education technology purchases offer long-term return on investment, and why security and safeguarding should be top priority

Robots, mobile apps, wearable technology, video games, 3D printing. What gets your pupils going? It seems there’s an ever-changing shopping list of emerging technology for schools and colleges, but given the swiftness of progress in tech, choosing where to spend can be tricky. School and college leaders are looking to find technology that will support current and future cohorts and will offer the best value for money long-term. But they also want to secure their site, offer pupils a safe online environment, and protect everyone from cyber attacks.

So what’s the priority? Holger Bollmann, director of further and higher education payment experts at WPM Education, has an answer. He says: “Educational institutions everywhere should treat e-safety and security as a priority, both in the interest of protecting the wellbeing of students and staff – and in the interest of protecting their reputation. We partnered with YouGov recently on a report which confirms just this. Parents of students attending university or college consider compliance with data security legislation ‘important’ or ‘very important’ – 81% and 78% respectively. It’s also an issue for the students themselves: 67% of those in higher education and 54% of those in further education feel the same way.” 

Prioritising security

He cites recent high-profile cyber attacks in both the public and private sector as justification for putting security at the top of the list – fiascos like the ones at Penn State University, who announced in 2015 that they had been subject to two cyber attacks putting over 18,000 people’s personal information at risk. Bollmann says: “This problem will become especially pronounced with the introduction of EU legislation designed to make these organisations disclose breaches as and when they occur. When this happens, an institution’s credentials could well be diminished through no fault of the teachers, lecturers, senior leadership, or the respective finance and administration departments.”

In the event of a data breach, or a theft, the financial impact wouldn’t be limited to the information or money stolen. There would be further penalties in the form of non-compliance fines, and the organisation would need to investigate the problem and mitigate any damage done. 

Bollman offers some words of advice. He says: “Of course, the best way to avoid a bruise is to make sure you don’t get hit in the first place. Too many companies and organisations only take security seriously in the aftermath of an attack. The best advice I can offer educational institutions is simple: take the initiative and invest in improving your institution’s security awareness as soon as possible.” He suggests that for those schools and colleges who have payments going through their website, sector-led organisations like the Payment Card Industry Data Security Standard (PCI DSS) special interest group (available at www.pcidsssig.org.uk) are an ideal first step to addressing the specific security concerns linked with payment data.

In control

Of course, the growing popularity of bring your own device (BYOD) policies, especially in colleges, places new demands on the IT department to secure devices that they are not in direct control of. Bruce Miller, vice president for product marketing at Xirrus, highlighted the issues: “Think ahead to the first day of the next term. Students will arrive on campus with multiple Wi-Fi devices – perhaps a laptop, tablet, smartphone, gaming device and fitness bracelet. And students will expect to connect right away. Sending the entire student body to the IT department to register their devices isn’t practical.”

With an open, unsecure Wi-Fi network, connection to the network is simple (just connect, no password) but the corresponding risk is that student data could be snooped and devices hacked. So many education organisations use an agent or app that gets downloaded to the device to auto-configure it for secure access. 

This approach can add significant cost, complexity and time to the deployment, and frustration to the users but there are ways to save. For example, the Jisc-provided eduroam is attractive because it can use open-source vendor agnostic software for management. Like other Wi-Fi networks it may be able to reuse an organisation’s existing Wi-Fi infrastructure to provide the service, thus avoiding additional costs.

Advertisement

Prevention rather than cure

So in the case of data and payment security, the message is prevention rather than cure, and organisations can invest wisely now to help prevent future threat. The same philosophy can be applied to safeguarding. Over 40% of UK secondary schools in the UK already use Impero Software’s flagship product, Impero Education Pro, which enables teachers to monitor, detect and address a number of online safety issues. These include cyber-bullying, sexting, inappropriate access to adult content and, more recently, radicalisation and extremism. As well as monitoring live thumbnails of a student’s screen, the technology includes keyword policies developed with leading charities to alert teachers when terms are used. By defining terms such as ‘YODO’, a phrase used by jihadist sympathisers meaning ‘You Only Die Once’, the glossary gives teachers and safeguarding experts – who are part of the solution to the problem – the tools they need to identify, intervene and safeguard at-risk pupils.

Sam Pemberton, chief executive officer at Impero Software, says: “Monitoring pupils’ online behaviour must be a fundamental part of tackling the ever-increasing threat of online radicalisation. It is not about spying on children or criminalising their online activity, it is about safeguarding them and opening up dialogues so that, where appropriate, counter narratives can be put in place.” He adds: ‘Radicalisation is only the latest in a whole host of online safeguarding issues. Over time the nature of these threats will change and evolve but the way of tackling them remains the same. A good monitoring system will help schools better anticipate and deal with issues as they arise, not when it’s too late.’

Technology can also play a role in pupils’ physical safety on campus. CCTV has become increasingly common in schools over the past few years; in November 2015 Yorkshire independent school Queen Ethelburga’s School hit the headlines for installing 700 cameras to monitor activity within its walls. Recent advances in visual technology mean schools can get more accurate pictures. One school that has prioritised optimum image quality is Harton Technology College in South Shields, Tyne and Wear. Sony has installed the world’s first Sony 4K video security education solution at the school, which means much greater image clarity. Sir Ken Gibson, the school’s executive head, explains: “Since installing the solution, we have been very impressed with the enhanced image quality and wider scene capture. Our students feel safe and secure and parents have peace of mind, which is of paramount importance to us.” The installation adds to the school’s existing and extensive network of around 100 cameras.

Radicalisation is only the latest in a whole host of online safeguarding issues

Once a school or college has decided to invest further in IT and security, it is crucial that they factor in upgrades of those IT assets over time. This can represent substantial investment. Cloud security company Qualys provides a free tool called AssetView – using this, education IT teams can keep track of all those assets over time to check that they use the latest software updates, such as patches for Microsoft Windows or common software products like Adobe, Office and internet browsers.

More complex organisations may benefit from Jisc’s financial x-ray service which brings to light total expenditure across all parts of an organisation’s IT spend. Some might be hidden; for example, if the modern foreign languages department has a subscription to specific websites for language learning, while the art department has used its budget to invest in photo editing software. The service helps IT departments understand what’s going on across campus, and easily compare the costs with other similar organisations. 

The financial x-ray is designed to help build a business case for changes in IT infrastructure like moving to cloud computing, and create an ongoing mechanism for dialogue between finance and IT staff.

Common sense, and a recent study from the OECD, suggests that investing heavily in school computers and classroom technology does not improve pupils’ performance. Nevertheless it is clear that making wise investments towards safety and security on the school and college site can support a safer learning environment which will benefit everyone. What’s at the top of your list for 2016?

 AssetView is free for organisations to use. It is available at https://www.qualys.com/free-tools-trials/assetview/

Advertisement

Independent Education Live

Five hours of live discussions with influential heads addressing lockdown plans, diversity, nutrition education strategies and cross-sector partnerships.

(LAST FREE TICKETS REMAINING)