How can we keep sensitive school data safe?
Recently, there was a ransomware hack affecting many institutions, not only in the United Kingdom but across the world. Why is this important to teachers?
Well, we have access to a huge wealth of sensitive data, which in the wrong hands could feed into a larger network of identity thieves, or could end up in a ransom situation, which has already affected some schools.
Some estimates suggest that 30,000 websites are infected with ‘malware’ each day. Stopthehacker.com state that it takes only 10 minutes to crack a lowercase 6 figure password!
The internet is a resource we increasingly rely on, and as teachers we need to protect both ourselves and the students we serve by being vigilant and aware. So, what can we do?
Inform your colleagues
Although this is a hugely important issue, you’ll be surprised how many schools aren’t even aware they’re at risk, let alone put any procedures in place to protect themselves. I’ve put together 10 strategies that teachers can use to make a start at protecting school data – and their own.
Print the poster out put it up on your staffroom wall; or email and share it with your colleagues. The aim is not to solve all the problems over night, but to start a conversation. Make your colleagues aware and recommend these small changes they can make to start to make your school hacker-proof!
Below I expand on the points in the poster. If staff have lots of questions, why not run a CPD session on this important topic?
1. Password strength
Passwords are often neglected, duplicated and undervalued. Yes your emails are important! Yes, people do want access to them! I’m not talking about protecting yourself from a nosy colleague, we are talking about advanced and savvy operators, adept at entering where they have no right to be. Not only should you use a mixture of upper and lowercase letters, both numbers and symbols add an extra level of complexity. A little ‘&’, ’%’ or ‘#’ could make all the difference!
2. Email attachments
One of the rising attacks involves the hackers purporting to be somebody, or a business that you know and trust. ALWAYS check the details of the sender and URLs for any irregularities. If you are unsure, why not search online for details about the specific sender.
3. OS suitability
One of the main reasons for the recent up-rise in ransomware attacks is outdated operating systems. As Windows and other operators move toward newer and more advanced systems, older hardware has been left to the side, with no more security updates. This means that when a vulnerability has been found by hackers, these can be taken advantage of without resistance. If you are unsure whether the hardware you are using is up-to-date or not, do not hesitate to contact the relevant department in your council or borough.
4. Staff Training
In a constantly evolving, technological world, it’s very easy to find yourself out of touch. Schools have a duty to ensure teachers are somewhat up-to-date with relevant technology. Too often schools invest in technology without ensuring that staff are confident users, meaning any benefit is instantly mitigated.
5. Email Attachment Scanner
Any email attachment you receive should pass through a filter. If it doesn’t, this is quite serious negligence. You hold the key to a wealth of personal and sensitive information. Prevention is better than cure, and this is exemplified when we are talking about security.
6. Secure wi-fi (no personal devices)
I may be over-stepping the mark here. In a closed environment, schools and organisations in general can control security quite easily, however with wi-fi accessed by any mobile or personal laptop, a certain amount of integrity is always lost. I understand in many circumstances this is unavoidable, but it has to be pointed out as a vulnerability.
7. No memory sticks
Whatever you call it, a fob, a USB stick or a memory pen, they should be banned! I will never forget the countless laptops I saw made redundant throughout university! Albeit many years ago, the value still holds true, a memory stick will hold any virus that any of it’s previous connections may have had. Therefore, it’s only as trustworthy as it’s least protected partner!
8. Data Protection Policy
All teachers should ideally receive training on best practices when it comes to data protection. While the importance of data has grown exponentially over recent years, it has not yet reached it’s full potential. The families and students, whose data we manage rely on our professionalism and discretion, and schools should treat this data accordingly.
9. Be honest!
Should you click on something, or download something suspect, time is of the essence! Your instincts will tell you to shut down the computer! The most important thing, is that the computer is disconnected from the internet. You should then go to the appropriate person and explain. In most cases this will just be a false alarm, but it is best to be safe!
10. If in doubt get out!
If you have a “that’s strange” moment more than once in a session and you have a bad feeling, then trust your instincts … Log out, seek help, and follow school procedures.
You can download the poster here.