Protect Your School From Hackers

Reading Time: 3 minutes

How can we keep sensitive school data safe?

Recently, there was a ransomware hack affecting many institutions, not only in the United Kingdom but across the world. Why is this important to teachers?

Well, we have access to a huge wealth of sensitive data, which in the wrong hands could feed into a larger network of identity thieves, or could end up in a ransom situation, which has already affected some schools.

Some estimates suggest that 30,000 websites are infected  with ‘malware’ each day. Stopthehacker.com state that it takes only 10 minutes to crack a lowercase 6 figure password!

The internet is a resource we increasingly rely on, and as teachers we need to protect both ourselves and the students we serve by being vigilant and aware. So, what can we do?

Inform your colleagues

Although this is a hugely important issue, you’ll be surprised how many schools aren’t even aware they’re at risk, let alone put any procedures in place to protect themselves. I’ve put together 10 strategies that teachers can use to make a start at protecting school data – and their own.

Print the poster out put it up on your staffroom wall; or email and share it with your colleagues. The aim is not to solve all the problems over night, but to start a conversation. Make your colleagues aware and recommend these small changes they can make to start to make your school hacker-proof!

Below I expand on the points in the poster. If staff have lots of questions, why not run a CPD session on this important topic?

1. Password strength

Passwords are often neglected, duplicated and undervalued. Yes your emails are important! Yes, people do want access to them! I’m not talking about protecting yourself from a nosy colleague, we are talking about advanced and savvy operators, adept at entering where they have no right to be. Not only should you use a mixture of upper and lowercase letters, both numbers and symbols add an extra level of complexity. A little ‘&’, ’%’ or ‘#’ could make all the difference!  

2. Email attachments

One of the rising attacks involves the hackers purporting to be somebody, or a business that you know and trust. ALWAYS check the details of the sender and URLs for any irregularities. If you are unsure, why not search online for details about the specific sender.

3. OS suitability

One of the main reasons for the recent up-rise in ransomware attacks is outdated operating systems. As Windows and other operators move toward newer and more advanced systems, older hardware has been left to the side, with no more security updates. This means that when a vulnerability has been found by hackers, these can be taken advantage of without resistance. If you are unsure whether the hardware you are using is up-to-date or not, do not hesitate to contact the relevant department in your council or borough.

4. Staff Training

In a constantly evolving, technological world, it’s very easy to find yourself out of touch. Schools have a duty to ensure teachers are somewhat up-to-date with relevant technology. Too often schools invest in technology without ensuring that staff are confident users, meaning any benefit is instantly mitigated.

5. Email Attachment Scanner

Any email attachment you receive should pass through a filter. If it doesn’t, this is quite serious negligence. You hold the key to a wealth of personal and sensitive information. Prevention is better than cure, and this is exemplified when we are talking about security.

6. Secure wi-fi (no personal devices)

I may be over-stepping the mark here. In a closed environment, schools and organisations in general can control security quite easily, however with wi-fi accessed by any mobile or personal laptop, a certain amount of integrity is always lost. I understand in many circumstances this is unavoidable, but it has to be pointed out as a vulnerability.   

7. No memory sticks

Whatever you call it, a fob, a USB stick or a memory pen, they should be banned! I will never forget the countless laptops I saw made redundant throughout university! Albeit many years ago, the value still holds true, a memory stick will hold any virus that any of it’s previous connections may have had. Therefore, it’s only as trustworthy as it’s least protected partner!

8. Data Protection Policy

All teachers should ideally receive training on best practices when it comes to data protection. While the importance of data has grown exponentially over recent years, it has not yet reached it’s full potential. The families and students, whose data we manage rely on our professionalism and discretion, and schools should treat this data accordingly.

9. Be honest!

Should you click on something, or download something suspect, time is of the essence! Your instincts will tell you to shut down the computer! The most important thing, is that the computer is disconnected from the internet. You should then go to the appropriate person and explain. In most cases this will just be a false alarm, but it is best to be safe!

10. If in doubt get out!

If you have a “that’s strange” moment more than once in a session and you have a bad feeling, then trust your instincts … Log out, seek help, and follow school procedures.

You can download the poster here.

Gerard Greally

Gerard is an Irish primary school & technology teacher based in Madrid, Spain. After training in London, he sought brighter skies and moved to an International school where he is ICT teacher to year 4, 5 and 6 students in an iPad one-to-one environment. Gerard is an Apple Distinguished Educator and is constantly looking to innovate learning and share his experiences. Read his blogs.

One thought on “Protect Your School From Hackers

  • 14th Jun 2017 at 1:26 pm
    Permalink

    Trying not to sound harsh here but the main reasons for the NHS Cyber Attack was all simply put – Budget cuts, staff layoffs, centralised IT systems and outsourcing IT Support.

    Speaking from experience.

    Any IT who’s qualified/experienced enough will say never put all your eggs in a single basket. Have backup systems in place, have redundancies and always keep the system updated. All of that requires three important factors: Time, Money and IT Staff. Without IT who will do those updates (through Windows Update Services at least – Server). Who deploys the latest Operating Systems (while also testing all the dept software and making sure everything is a smooth transition) – IT staff. Who will sit there configuring Wi-Fi to be secure alongside internet filtering etc. How often do staff/students complain at the very security designed to protect them? How often do IT have huge budget cuts with while having redundancies?

    If you’re really interested this will be useful.
    https://itsupportns.blogspot.co.uk/2017/05/it-that-cyber-attack-at-nhs.html

    Servers cost money, staff cost money and upgrading OS’s with the Microsoft Agreements can cost from £4,000 to £15,000 a year depending on your staff size etc.

    We’re currently heavily testing Windows 10 and have done upon first release. So far it’s been 95% effective but we’ve encountered issues. Without a team this wouldn’t be possible. When a PC is turned on it performs a hundred tasks in the background. When you logon staff/student it performs another 400 tasks. All for security, to give you the right access level and to give you what you need from shortcuts to network drives. All require time.

    So if you want to protect your school? Don’t budget cut equipment/staff in the IT dept. If you do – consider pulling back your IT requirements in general. No Smartboards in classrooms, no projectors, no Wi-Fi etc.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.