Schools, just like any other commercial or public sector institutions are now reliant upon the internet and broadband services for day-to-day operations and activities. These technologies bring a huge range of opportunities and benefits, offering new ways to support teaching and learning, whilst streamlining operational and administrative processes. But they also bring a range of risks if not managed and maintained appropriately.
What do I need to think about?
Your information security policy should demonstrate a reasonable duty of care in providing a safer and better online environment for all users, so does yours cover the following?
» Creating a culture of responsible use
It is essential that your strategy for keeping your network secure and protecting your school’s information be embedded throughout your school community. And also it’s important for you to keep your staff up to date on their obligations – are they following your password policy? Do they know how to safely use removable media and connect to the network remotely?
» Statutory Requirements
- Appropriate design and operation of ICT systems
- Authorised use of ICT facilities
- Security of personal data and management in line with Data Protection legislation
- Safeguarding records from loss, destruction and falsification
- Licensing of software
- Use of copyright materials
» Filtering and Monitoring solutions
» Secure Transfer Services
» Managing mobile devices
But implementing BYOD requires a well thought out strategy which considers, amongst many other things, the readiness of your services to work in a distributed manner, the capabilities of your wireless network, your web filtering infrastructure, end point security and access control. The policies need to be in place to handle the security implications of such a large shift in your approach to service delivery.
» Alerting illegal content & incident management
Our Online Safety BOOST toolkit has some great elements to help in the event of an issue. The Incident Response Tool will guide you through the steps to take and the evidence required ensuring your actions are compliant. Our Whisper anonymous reporting service enables your school community to report issues directly from your website.
» Preparing for a hack
Schools should always be prepared for a hack attempt – whether this be a DDoS (Distributed Denial of Service) attack, malware propagation (e.g Trojan horses), social or physical hacking attempt. Hacks will seek to gain access to school data and systems, to use school systems to mount further attacks, or to use school systems or data for illegal or unauthorised purposes. Would your school network be protected in the case of a hack attempt?
How can SWGfL help?
If you feel that your information security policy isn’t quite stacking up and you need some support, don’t worry, the team at SWGfL are here to help.
We have developed a half-day training session called ‘Lines of Defence – Information Security for Schools’ which will help you identify your strengths and weaknesses and support you in developing a strategy to improve your policies and practices.
If you would be interesting in booking this session for your school, please contact the Education Team with our contact form.