Cyber-safe schools
Nicola Pearce recommends an education and awareness approach to embracing rapidly evolving technology safely
In the current digital landscape, technology remains an integral part of education. However, with this reliance, comes security risks. Now, more than ever, schools are becoming targets of cyber incidents, whether through phishing attempts to steal passwords or ransomware attacks that encrypt files. The importance of cybersecurity cannot be overlooked.
Cyber threats are an increasing concern because as technology evolves, so does the risk. As a result, schools must implement proactive measures and foster a sense of cyber awareness. By doing so, they can effectively minimise these risks and create a safer learning environment for both pupils and staff.
It’s important to note that because of the widespread effect if something goes wrong, cybersecurity should be a collective effort and part of a school’s overall culture, and not just the responsibility of the IT staff. Cybersecurity helps to instil safe digital habits, so while the IT department has a crucial role in implementing and maintaining technical defences, one of the primary ways to mitigate risks is by providing the necessary education and training for all users – staff, teachers, and pupils. By doing so, the importance of cybersecurity is brought to light and encourages individuals to become more vigilant and prepared to protect themselves and the school.
Implementation of new devices
Collective effort is especially important when introducing new devices in schools. The increasingly digital world requires both pupils and teachers to understand the necessary skills to navigate the online landscape as responsibly as possible.
For several reasons, the implementation of the latest technology is essential. For pupils, getting hands-on experience with the technology they will most probably use beyond school will ensure that their learning is futureproofed, and for teachers and staff, new devices such as interactive displays will improve operational efficiency in the workplace.
As well as this, older devices are more likely to create security loopholes that are vulnerable to attacks and data leaks thanks to outdated firmware and apps. It is necessary for systems to be kept up to date to ensure optimal device performance and data security.
Increase in unauthorised individuals
While integrating new technology is beneficial in schools, bringing in new devices to an organisation undoubtedly comes with an increase in risks. It’s therefore fundamental that collectively, all users learn how to adapt to new technologies and the emerging cybersecurity challenges that come with this.
This is where the importance of cybersecurity comes into play. Without sufficient security, these products can not only leave networks exposed but also increase the chances of data leaks, privacy violations, and operational setbacks. For schools, this is critical because with a large number of devices being supported by the network, and with unique scenarios where multiple people are collectively using and logging in and out of one single device (such as a front-of-classroom display or library laptops), pupils, teachers and administrative staff are all at risk.
This before you consider the sensitive data that schools handle, such as academic information, pupil records, and personal data – all of which can be very easily accessed by unauthorised individuals on the network. Although many people are aware of cybersecurity when it comes to personal devices, where one person has access to one device (laptop, phone etc), not many people are aware of the dangers of shared devices.
This is typically the case for teachers who log into a shared device, such as an interactive display, in school and is seen doing so by an entire class. As a result, only data shown on the board must be relevant to the lesson because, in the past, incidents have occurred such as accidentally sharing a safeguarding report, confidential emails, or even personal data.
Protective security measures
To combat unauthorised access, secure practices for prevention must be put into place to prevent the possible tampering or accessing of settings, user files and folders. Using measures such as a secure Account Management System (AMS) and Identity and Access Management (IAM) software, IT administrators can create and manage user accounts by setting unique permissions for individuals or groups and locking down sections of the network which contain sensitive data to ensure only authorised personnel have access. This ensures that the technology is used to its full potential while also keeping it secure.
Using AMS, authentication methods which are typically used by devices can become more secure. Take Single Sign On (SSO) as an example. This authentication method enables users to access multiple platforms securely using one set of credentials, and through a secure AMS only allows authorised personnel to log into the boards. This is because IT teams have the power to set credentials up by uploading existing logins for teachers, staff and pupils accounts through active directory syncing. Additionally, the IT teams can control the accounts using lock down systems and decide what apps can be downloaded.
However, while SSO is an effective method for making logins easier, there’s the danger of devices using SSO in a less secure way. Smart boards that offer SSO using Google and Facebook – as an example – can lead to pupils accessing the boards using their personal accounts and accessing the internet.
The same goes for one of the most common ways device security gets compromised, which is when devices are left unlocked and unattended. People can take advantage of this and access personal and private data on the device while a user account is still logged in. To tackle this, clever AMS and IAM systems allow administrators to prevent this from happening by setting an idle session logout time on AMS. If teachers forget to log out of their device, AMS will automatically log the user out of the account.
Likewise, password leaks open doors to a lot of confidential information. This is why users must protect them. To minimise the risk of unauthorised access to devices, user data, and passwords, users are urged not to save their passwords locally. Instead, alternatives such as password managers can be used to prevent attackers from potentially accessing their cache and stealing their credentials.
In a situation where user credentials do fall into the wrong hands, multi-factor authentication should be installed to provide an extra level of security. Multi-factor authentication would require users to input an additional security code sent to their mobile device which will help verify their identity when logging in.
Above all, if there are security concerns surrounding a product, the manufacturer must provide the relevant information on how to report these issues, acknowledge the report, and update on the timescales. This is because of the new UK consumer connectable product security regime that came into effect on 29 April this year, which means manufacturers of UK consumer connectable products (or smart products) have to comply with the relevant obligations which include ensuring they and their products meet the relevant minimum-security requirements.
Introducing new technology within schools is inevitable, making cybersecurity education important for protection against immediate threats. With the implementation of strict rules and robust security measures, such as account management systems, multi-factor authentication, and regular over-the-air security updates, pupils, staff and IT administrators can minimise risks to create a safer learning environment in schools.
Nicola Pearce is head of education at electronics company BenQ