Oliver Wells, Education Manager at Sophos, explains that the education in the UK must turn its focus to cybersecurity in schools
Educators are lagging behind their students when it comes to IT knowledge. That’s according to recent research carried out by YouGov for Sophos, and it could have major implications for cybersecurity in schools.
In the study of 348 head teachers, deputy heads and other senior teachers* in the UK, nearly half admitted they know less about IT than their students. 26% said their school lacks some of the most basic cybersecurity measures, and 34% identified data loss as their biggest area of IT concern. It’s not a great result for those tasked with shaping the next generation, and with cyber cybercriminals targeting other vulnerable organisations like the NHS, it’s leaving schools wide open to a range of online threats.
But how can students and teachers reap the benefits of technology without becoming a cybercriminal’s next mark? It all starts with accepting that changes must be made.
A false sense of security
Despite many teachers admitting they are ill-equipped to protect vulnerable students and their data online, 80 per cent of those surveyed said they’re confident in their school’s ability to keep students safe from cyber threats. It’s an interesting juxtaposition, made more interesting by the fact that over half (52 per cent) said their school either doesn’t use, or they’re not aware of, a system to monitor student activity on school-owned IT devices. Without baseline security measures in place it simply cannot be true, and as government devolves more responsibility to schools, ignorance is no excuse.
In 2016, the government revised its statutory guidance document Keeping Children Safe in Education (KCSIE). Revisions state that education establishments must now “ensure appropriate filters and appropriate monitoring systems are in place” and that “children should not be able to access harmful or inappropriate material from the school or college’s IT system”. Schools and registered childcare providers in England and Wales are required “to ensure children are safe from terrorist and extremist material when accessing the internet in school”. However, KCSIE also advises schools to “be careful that ‘over-blocking’ does not lead to unreasonable restrictions as to what children can be taught”.
Meeting these requirements in an online environment that’s constantly shifting and changing can be a daunting prospect. Schools do have a tricky line to walk. But unless education providers take action now, the gap will only widen.
Understanding the risk
The majority of cybercriminals operate in one of two ways – they either cast their net wide or they specifically target sectors that appear most vulnerable. In both cases, schools are in the firing line. Years of stretched budgets and competing priorities have left many without the layers of protection needed to fend off complex threats. Add to that curious, digitally savvy students and it becomes a matter of if, not when, schools will be faced with an attack.
Most of the threats schools are up against fall into three broad categories: content (access to inappropriate information); contact (grooming, cyberbullying and identity theft); and conduct (privacy, digital reputation, health/well-being and copyright).
As students use their own devices to connect to school networks and teachers embrace remote working, it’s no longer enough to simply lock down school computers. Schools must also ensure sensitive data can be securely transported between devices and locations while blocking access to inappropriate content network-wide.
So how do we fortify schools against these risks and ensure students are safe? The answer literally lies in education.
Closing the void
Many of the fears raised by the teachers we surveyed can be solved through basic cyber security training, and common attacks such as phishing can often be prevented if staff know what types of behaviours to look for. Almost half (47%) of teachers said additional training would help increase their confidence in their ability to protect students from online threats. A further 43% felt more tools to monitor student activity at school would be beneficial. Both increased training and monitoring are relatively simple to implement, and ha the dual benefits of empowering teachers while protecting vulnerable students and school data.
Tools like the Sophos XG Firewall have been optimised to meet the growing complexity of school networks and provide the threat protection, filtering and monitoring needed to comply with KCSIE. Sophos’ integrated web, endpoint, email and firewall security solutions relieve some of the burden on teachers, which gives them confidence to embrace the full potential of technology in the classroom.
You wouldn’t let any old person wander through the school gates, so why leave the doors open online? It’s time to change statistics and school up on IT.
*Sophos surveyed head teachers, deputy head teachers and other senior teachers, including key stage leaders and assessment leaders.