How secure is your school’s information?

Schools, just like any other commercial or public sector institution, are now reliant upon the internet and broadband services for day-to-day operations and activities. These technologies bring a huge range of opportunities and benefits, offering new ways to support teaching and learning, whilst streamlining operational and administrative processes. But they also bring a range of risks if not managed and maintained appropriately.

What do I need to think about?

Your information security policy should demonstrate a reasonable duty of care in providing a safer and better online environment for all users, so does yours cover the following?

» Creating a culture of responsible use

Developing and implementing your information security policy should be a collaborative effort involving your senior leadership team, network managers and IT technical staff.

It is essential that your strategy for keeping your network secure and protecting your school’s information is embedded throughout your school community. It is also important to keep your staff up to date on their obligations: are they following your password policy? Do they know how to safely use removable media and connect to the network remotely?

» Statutory Requirements

As you’ll be aware, schools are required to demonstrate compliance with a range of legislation when it comes to data and information. To ensure your school meets these requirements, your policy should include the consideration of:
  • Appropriate design and operation of ICT systems
  • Authorised use of ICT facilities
  • Security of personal data and management in line with Data Protection legislation
  • Safeguarding records from loss, destruction and falsification
  • Licensing of software
  • Use of copyright materials

» Filtering and Monitoring solutions

To protect your users and their information, the perimeter of your school network should be policed appropriately. Things to consider here include firewalls, filtering of websites for malicious as well as inappropriate content, antivirus and malware checking, spam filters, monitoring and establishing appropriate internal network security configurations. How does your policy shape up?

» Secure Transfer Services

Schools are awash with personal data, and it is the responsibility of your organisation to ensure that this data is protected. Do your staff understand the security implications of sending information across both an internal and external network? Do you have a policy in place for which services can be used to transfer files? What types of information should be encrypted?

» Managing mobile devices

With students and their smartphones now coming hand-in-hand, the demand for Bring Your Own Device (BYOD) is increasing. Both students and teachers want to connect their own devices (tablets, smartphones, and laptops) to your school’s network, which can bring a great number of benefits, including facilitating learning beyond the classroom and greater engagement through interactive learning. Moving your services to naturally distributed and device-agnostic platforms can also bring cost savings in the long term.

But implementing BYOD requires a well thought out strategy which considers, amongst many other things, the readiness of your services to work in a distributed manner, the capabilities of your wireless network, your web filtering infrastructure, end point security and access control. The policies need to be in place to handle the security implications of such a large shift in your approach to service delivery.

» Alerting illegal content & incident management

Without proper planning, it is inevitable that something will go wrong at some point. But provided you have procedures in place for logging, reporting on and managing incidents, damage can be minimised, lessons can be learned and normal service can be restored as quickly as possible.

Our Online Safety BOOST toolkit has some great elements to help in the event of an issue. The Incident Response Tool will guide you through the steps to take and the evidence required, ensuring your actions are compliant. Our Whisper anonymous reporting service (part of the BOOST toolkit) enables your school community to report issues directly from your website.

» Preparing for a hack

Schools should always be prepared for a hack attempt, whether this be a DDoS (Distributed Denial of Service) attack, malware propagation (e.g. Trojan horses), or a social or physical hacking attempt. Hacks will seek to gain access to school data and systems, to use school systems to mount further attacks, or to use school systems or data for illegal or unauthorised purposes. Would your school network be protected in the case of a hack attempt?


How can SWGfL help?

If you feel that your information security policy isn’t quite stacking up and you need some support, don’t worry, the team at SWGfL are here to help.

We have developed a half-day training session called ‘Lines of Defence – Information Security for Schools’ which will help you identify your strengths and weaknesses and support you in developing a strategy to improve your policies and practices.

If you would be interested in booking this session for your school, please contact the Education Team using our contact form.
