The crucial role cyber security plays in student safeguarding by Sonia Blizzard, managing director of Beaming, the business ISP
Specialist schools increasingly rely on the internet and online resources. Edtech is brilliant at offering students the tools they need to learn in a way that suits them.
Connectivity is also important for SEND educators, from recording and reporting detailed performance data to sharing content and collaborating with students. Any downtime in the availability of IT services only creates more disruption, that directly impacts students. This means it is vital that schools take all the steps they can to keep their systems, people and data safe and secure from cyber attacks.
These schools face the same cyber security threats as other organisations and are targeted more than a thousand times a day each by cyber criminals seeking to compromise their systems. In the UK, more than three quarters of mid-sized organisations fell victim to some form of cyber crime last year. Phishing attacks, malware and data breaches were the greatest areas of vulnerability.
Cyber criminals are keen to target young people who can be tech savvy but naive. According to guidance from the Department for Education (DfE), schools need to put in place “an effective approach to online safety”, to “protect and educate” the whole school.
Here are five tips that schools should consider to enhance their resilience to cyber attacks and safeguard their students, staff and computer systems:
1. Filters and Monitoring: Locking down the entire school system is expensive and counterproductive, so effective content filtering systems should be used to block inappropriate content. The appropriateness of any filters and monitoring systems differ for individual schools, but there should always be a balance of safety without unnecessary restrictions that impact what students can be taught.
2. Staff Training: It is important for SEND educators to understand their role in upholding good cyber security practices at school. The DfE suggests that “as part of the requirement for staff to undergo regularly updated safeguarding training...online safety training should be integrated, aligned and considered as part of the overarching safeguarding approach.” Responsibility should also be placed on senior staff members to implement and enforce a cyber security policy. Government regulation already requires them to be responsible for student safeguarding. Cyber security and online safety should be taken no less seriously.
3. Physical Security: Cyber security planning should also include the physical security of hard drives, internet routers, servers and other devices on which data can be stored. Any device holding sensitive data should be encrypted. This also relates to access control. Schools should establish effective processes for managing user privileges to their systems to minimise the risk of deliberate and accidental attacks. Users should be provided with the minimum level of access they need to do their job. When staff members leave the school, their access should be revoked promptly. All records should be kept up to date to prevent exploitation of old accounts.
4. Education: While putting restrictive measures in place is good, schools have some expectation to educate kids on the dangers of poor cyber security practices. Schools already make special efforts in PSHE education to teach kids about safeguarding. Although extra attention should be paid into how online safety factors into this. The DfE states how schools should “ensure that children are taught about safeguarding, including online safety. Schools should consider this as part of providing a broad and balanced curriculum.” This extends to personal devices like mobile phones. Students should be taught about acceptable use of their personal devices, how they interact with each other on social media and where to turn for help.
5. Cyber security technologies: Schools should know precisely what hardware and software is being used on their networks and ensure configuration changes are authorised, documented and implemented appropriately. Devices should be set up so that only approved users can make changes. Software updates and security patches should be implemented quickly when released by manufacturers. As well as that, schools should establish a strong boundary to firewalls and internet gateways to protect school networks from cyber attacks, unauthorised access and malicious content. Cyber security controls should be monitored constantly and tested on a regular basis.