This website uses cookies to ensure you get the best experience on our website. More info. Accept Reject

Encryption is key to securing education

Protect children and staff in their use of technology and the data stored

We like the article below by Mark James at ESET Customer Support.  Mark spoke at our School Tech Show 2015 to highlight the importance OFSTED place on data protection and encryption and what this means for schools. 

In the guidelines for inspection, Ofsted stated schools must seek to protect and educate pupils and staff in their use of technology. This includes having the appropriate mechanisms in place to intervene and support any e-safety incidents.  A school’s network infrastructure, and more importantly the data on it concerning pupils, staff and core admin functions, is arguably its key asset.  As such, any e-safety plan needs to extend to the appropriate protection of confidential data.

Ofsted has stated that one indicator of inadequate performance is through unsecured personal data and leaving school websites without adequate encryption. If lost or stolen, the impact upon a school’s finances or reputation can be severe. So how should an adherence to compliance be addressed?

Bart - password message

The Information Commissioner's Office recommends the use of encryption software to prevent data leaks. To aid this, schools should look towards specialists for examples of best practise and guidance on how to factor encryption into their wider security practises. Encryption specialists recommend the use of file and email encryption, as well as full disk and removable media encryption. This extends to the encryption of portable devices, such as laptops and iPads, and portable storage media, for example, USBs, CDs and DVDs. Secure shredding – the deletion of old data no longer required by an organisation – should also be considered with the lifecycle of data also in mind, and the ability to scale also ensures security no matter how many devices join the network.

When choosing where to store a device's data, security must be kept in mind. All too often it is lapse-minded employees accidentally leaving devices in public that represent the biggest risk. The ultimate aim of any school’s IT policy should be to create a ‘security aware’ staff and student body. Both groups need to be conscious of the security risks they’re exposed to, how to defend against them, and to feel empowered to intelligently respond. The growing trend for ‘digital schooling’ - whereby tablets function as a key tool in lessons and for homework and further study - means that a firm IT security strategy needs to also be communicated beyond the staff body and practised by all members of a school’s community.

Research by ESET UK into the attitudes of young people towards cyber security conducted earlier this year, suggests 50 percent of those aged 9 to 16 have had no formal internet safety teaching in school. With human error - often the downfall of any security plan - these blind spots in basic cyber education need to be addressed as a priority to ensure a culture of cyber-awareness is fostered in children from a young age.

With Ofsted ratings at risk, the prevention of access to confidential information should be a key focus of any school’s IT security team. Encryption, coupled with education, represents a simple yet effective solution. Low system requirements and minimal maintenance ensures its benefits are experienced by all users. It only takes one theft or loss of a single device to put a network and data concerning pupils at risk. Through encryption, the risk of non-compliance is greatly reduced.

For further information visit Data Security for Schools.

BACK

Share

Comments

Leave a comment below

Call Me Back

I would like to discuss NCI Services & Support