Cyber-security is a necessity, not a luxury – and each and every school is ripe for the picking by hackers, fraudsters and thieves. How do you start building a strategy to prevent breaches?
Creating a secure digital environment in a school – for staff and pupils alike – can be challenging on a large scale, particularly when budgets are constantly being squeezed. It’s important for schools to have a cyber-security strategy, including:
- Child safety, with appropriate blocks in place where necessary.
- Staff safety, with appropriate blocks in place where necessary.
- How to adhere to the General Data Protection Regulation (GDPR) regarding the use and sharing of personal staff data, child data and financial information.
- Education around the potential impact of a data breach.
- A strict set of rules and regulations relating to how to prevent data breaches – and how to deal with them if they occur.
Responsibilities that a school’s data protection officer must take on, according to Ian Buss of Education Banking:
- Keeping up-to-date with GDPR developments, and ensuring staff are trained accordingly.
- Keeping their school(s) up-to-date with their data obligations, now and in the future.
- Monitoring compliance with the law, as well as their school policies.
- Co-operating with the Information Commissioner’s Office (ICO).
- Managing subject access requests (SARs) within the required timescales.
- Advising on, and reporting, data breaches to the ICO within 72 hours.<box out>
The most important thing to remember is that you are a target. Schools are considered easy pickings for hackers and fraudsters; this may be because they lack a dedicated data security expert, or they don’t have the funding available to invest in software solutions – whatever the reason, they must be more vigilant than most organisations. Here are some simple tips to remember, and implement through your school’s cyber security strategy.
Expect to be attacked
Know the threats. You are an attractive target, even if you don’t realise it.
Eight characters isn’t enough
Make sure those passwords are complex enough to make life difficult for potential hackers.
Have your defences in place
Make sure you have at least basic malware defences across your IT network. If you’re worried about not understanding the topic, employ a managed services provider to do the hard work (and probably save you both time and money).
Monitor IT use
It’s important to know what staff and pupils are doing on their computers, as well as keeping on top of any external connections, such as staff ‘phones. You can also limit access to certain data, as required.
Educate your staff
Whether you’re an expert yourself, or need to employ one to train your staff, having them all understand why cyber-security is important within a school is paramount. Don’t overlook it.
Have a response plan
What if a cyber-security incident occurs? How do you and your team react? A breach will happen, so you must have a plan in place for dealing with it, including having the right education and capabilities ready. Make sure to test this response plan regularly.