I need you to take security seriously.

Published by Matt Setchell on

There are many issues in education right now. Some of these have been the same challenges for years, if not decades – funding and recruitment being the main stalwarts – but over the last, say, 5 years we have seen a steady rise in cyber security causing havoc at schools and trusts across the UK. And schools and leaders are still not taking it seriously.

In fact, with the increased use of technology, leaders are often frustrated by the need to implement security, which they see as restrictive and making their lives harder. Many seem to think it’s simply a sales pitch, or IT trying to be difficult or justify their jobs.

That is, until they get hit.

And then they need to get “the professionals in” – despite having professionals that have likely been warning of the potential risks and the impact and consequences of an event – and how it will affect more than just IT.

In the last few months alone, if you search the BBC for stories on the impact of cyber security in education, you will see schools getting held to ransom, student and staff details being uploaded to the dark web, exams impacted, coursework lost and many more impacts that are under-reported.

The impact of loss of access, loss of all data, years of work and reference materials, alongside the loss of current course or class work, doesn’t sell headlines. But this is so common, and could so easily be avoided, if schools just took cyber security seriously.

The latest government cyber security survey indicates that education is targeted more than any other business sector. There are many reasons, but all of them could be changed.

It’s also one of those things that is often placed under a deputy head or other unqualified individual in some situations. They often oversee internal or external teams and just trust, because they don’t understand, that the right things are being done.

How can staff know what the right things are if there is no ongoing training (both for IT staff and for users)? How can you be safe if you let some people, the ones who usually complain the most, bypass your protection?

We are giving staff and students devices and access they can use anywhere and anytime, so it’s our responsibility to give them the tools and knowledge to protect themselves and us. A staff member being held to ransom or, through social engineering, being forced to provide information or access is a real possibility; just look at recent incidents with MPs and WhatsApp.

How can you safeguard your students and colleagues if you don’t understand cyber security? The same systems that protect your security often provide safeguarding protection and oversight – and of course cyber incidents can cause safeguarding incidents.

So, this is a plea – I need you, whoever you are, and whatever your role, to take cyber security as seriously as you take safeguarding students and colleagues.

I need you to ensure, as a minimum, that you have complied with the DfE Cyber Security Standards, and that you have given your IT team the time and resources to improve their knowledge and the backing to implement changes to protect the school and its systems and users.
