As schools become increasingly vulnerable to cyberattacks, Mark Rosser looks at the latest advice for keeping both systems and students safe
Cybercrime has become a part of our daily lives; incidences of malware continue to rise year on year. The more advanced the technology becomes to combat these breaches, the more sophisticated the hackers become. It is no longer possible to say that a school, business or personal accounts will not be hacked; it’s more about damage limitation when it does happen.
Everyone is at risk and the dangers are broad and deep. For example, schools may not have the same level of cash flow as a bank, but for hackers, accessing ten schools’ banking systems can be as lucrative and a lot easier than targeting one bank. One rumour heard by Neil Watkins of schools’ IT provider Think IT, was of a secondary school that fell for a phishing email shortly after the new financial year and found £1m less in its bank account.
Personal data such as a school’s employee or parental database can be valuable to hackers. Moreover, Watkins has personal anecdotes of pupils hacking into school systems so they could get their exam results early, or into peers’ accounts in order to maliciously destroy their work. In the current climate, radicalisation, particularly through social media, is becoming an increasingly real phenomenon. Stalking and online bullying are, as schools are all too aware, also on the increase.
Evidence suggests that internet breaches occur largely as a result of weak systems. Schools that do not have an awareness of their responsibilities, effective IT infrastructure, and lack of staff and student training, will be at risk. “The increased implementation of the secure, encrypted HTTPS (Hypertext Transfer Protocol Secure) platform has caused difficulties for some schools’ content filtering systems,” explains Rebecca Hamer of Exa Networks. “As the traffic passed across HTTPS sites is encrypted, some filtering services are unable to see the content present on the website to filter it accordingly. As a result, we have seen many schools move to advanced content filtering systems to ensure that they are effectively protected across all platforms.”
However, as David Tindall, managing director of BESA member organisation, Schools Broadband explains, “The DfE’s ‘Keeping Children Safe in Schools in May 2016’ states that schools will need to be careful that ‘over-blocking’ does not lead to unreasonable restrictions as to what children can be taught with regards to online teaching and safeguarding.” So, how can schools balance safe internet access with giving students the freedom to be adventurous when exploring their learning? The following actions will help:
Three point plan
Step 1 – Expert advice
Clearly most schools will need help, advice and support when it comes to cyber-security. Patching vulnerabilities, using intrusion prevention and detection software, and employing encryption where appropriate are all terms that are foreign to most. Therefore, finding a good partner with an in-depth appreciation of each school’s individual needs is imperative.
Companies specialising in the education sector, such as BESA members Exa Networks, Schools Broadband, Firefly and Think IT are well placed to provide appropriate support. “Commonly, schools turn to solutions such as those from Microsoft or Apple,” observes Watkins. “However, the challenge is that those are the most frequent targets for hackers, including young ones. While big companies are constantly bringing out updates, schools often configure their systems so that those updates often aren’t applied to all machines.”
Step 2 – Educating users
Because protection is no longer guaranteed, schools also have to approach security in terms of education, cybersecurity awareness training, and best practice usage. Every member of staff and student should understand the dangers and approach networked content safely.
A recent parent survey found that ‘only half of parents feel equipped to teach e-safety at home’. In terms of approaching this, Jackie Harden, former primary school teacher and Firefly client experience consultant recommends the thinkuknow.co.uk website. “This is a fantastic resource for teachers, parents and children to learn about staying safe online,” she advises. “There are also some brilliant Horrible Histories clips (e.g. ow.ly/5EsS3064zdg), which take a light hearted route into different online safety issues such as privacy settings or being careful about the content you post online.
“Teaching children the importance of password controlled profiles and setting up user accounts for them that only allow access to approved apps, games and sites is another way to encourage independence within a safe environment,” continues Harden. “Online teaching and learning tools can facilitate this really well, enabling children to search information safely as well as develop other online skills such as taking ownership of material and understanding copyright.”
Step 3 – Parental involvement
Despite not being able to assume that parents will have educated their children about how to use the internet safely, Harden believes that “the best results come when teachers and parents work together. Schools should keep parents informed and involved so that they can continue the conversation at home (or even better, for teachers to build upon what parents have already put in place!).
About the author
Mark Rosser is membership manager at the education sector’s trade association BES.