BullGuard’s Pete Morley: “Security starts at primary school level”

With the classroom getting more tech-focused, it is more important than ever that children are protected and aware of security. Pete Morley, UK and Ireland country manager at BullGuard, speaks to Jonathan Easton about the importance of a robust solution for schools and the need to make sure that teachers are up to speed with the latest tech…

It might be an odd proposition to suggest that a school’s cybersecurity system should be as robust as any business. It’s not like any hackers would have a vested interest in stealing 15 year old James’ poorly thought out close-reading of Under Milk Wood, after all. But there is heaps and heaps of personal data that a malicious actor can be after. And that’s not even mentioning the malware and ransomware which have the capacity to tank the entire digital infrastructure of a school that keeps students and faculty alike safe.

“It is vitally important that an education institution has a thorough security solution,” says BullGuard’s UK and Ireland country manager Pete Morley. “Schools face the same cybersecurity threats as other organisations.”

“The Information Commissioner has advised schools to be particularly vigilant around information security, warning that unauthorised access to personal information would be particularly harmful to pupils, parents and staff. Schools also understand that people have a right to seek compensation if the loss of personal data causes them damage and are therefore acutely aware that they need to fully comply with legislative requirements around safeguarding personal data.”

Personal data and its misuse in 2018 is the conversation du jour, that is to say everyone is talking about it with the recent implementation of the GDPR rules. Like with most things, that rings doubly true when discussing children. It’s one thing if an adult’s information is stolen, but it’s a whole other when it’s their kids. Any organisation that a parent trusts with their children’s personal – whether it’s an online game, a kids club or a school – is under an extraordinary level of pressure. That’s why schools need to be extra cautious.

Spelling out the new rules, the International Commissioners Office (ICO) explains that “children need particular protection when you are collecting and processing their personal data because they may be less aware of the risks involved”. Child protection is key, and systems should be designed ‘to protect them from the outset’. When it comes to advertising – the area which has seen the largest real-world effect from GDPR – children “merit specific protection when you use their personal data for marketing purposes or creating personality or user profiles”. In addition, the ICO points out that ‘an individual’s right to erasure is particularly relevant if they gave their consent to processing when they were a child’, and that children ‘have the same rights as adults over their personal data,’ including ‘the rights to access their personal data; request rectification; object to processing and have their personal data erased’.

All of this is to say that the legality of children’s data in a post-GDPR world is tighter than it ever has been. There is no suggestion that schools have ever been in the business of selling the data of their students to third parties, unlike the social media sites that those students might frequent, but rather, anything that might happen to that data because of a lapse in security will come down on the school like a crash of thunder.

However, it’s not just data getting out of a school that’s of a concern, it’s data getting in. A 2017 study carried out by BullGuard found that a majority of parents have serious concerns about their children being exposed to inappropriate content online, with 92 per cent considering the ability to block inappropriate content as the most important and valuable feature of internet security software.

“Today’s children are true digital natives, growing up with technology as a natural feature of their environment,” said company CEO Paul Lipman. “The internet opens up endless opportunities for children and it’s positive to see from our research that parents are becoming even more savvy when it comes to doing all they can to protect children from the negative aspects of the online world.”

Parents can’t be shielding and protecting their children from online threats forever though, and cybersecurity education is becoming an increasingly important part of the curriculum.

“Security starts at primary school level, with lessons about online stranger danger, the importance of not bullying online and the need to password protect personal things,” Morley points out. “Children at this age are not likely to be aware of other threats like malware in pop-ups, rather the focus is about online protection from others. However, after moving into secondary school, awareness certainly increases.

“Some children may have had their online games hacked, like Club Penguin after telling their password to a friend. They soon learn from their mistakes and it’s not at all unusual for a young teen to have 18 character length passwords. However, cyber security could go much deeper than it currently does. Ideally, young teens should learn about phishing attempts, ransomware, banking Trojans, to name a few examples, to give them an in depth understanding of the scale of dangers. It does no harm for children to also learn about the devastating consequences of identity theft and how easily identity details are stolen.

Furthermore, it would be useful for children to have an education about the dark web, organised crime groups and the many cyber-fraud activities that take place out of sight. Many children will discover this for themselves, but wouldn’t it be better if they already understood just how pervasive and malicious these threats can be ranging from identity theft to potentially undermining legitimate economies. Armed with this level of education, today’s youngsters can be tomorrow’s cyber defenders.”

Suffice to say then that the days are long gone where IT lessons were made up of making presentations in powerpoint and playing the racing game that was hidden in row 2000 of Excel.

“IT education has changed massively,” Morley asserts. “Essential applications like Microsoft Office are still taught but now at the primary school level, with the exception of Excel. In fact, primary school pupils are sometimes expected to submit homework through Word or PowerPoint. Schools also have to consider that technology is now very much part of our everyday lives, especially for the current secondary school age generations.”

Instead of trying to teach them what they already know, today’s educators are empowering their pupils by letting them utilise the tools they already use on a daily basis but or school work. “Through using social media, creating YouTube videos etc, they are already practising technology skills, so schools must ensure that classes challenge their pre-existing abilities. The higher up the school yearly grading systems pupils go the more important technology becomes.”

Devices are also being used to make education more engaging for students who might not be so interested in the subject being taught.

“From a pupil’s perspective, technology can make all the difference. For instance, the maths around 3D modelling, important for engineering and science, can be deadly dull on paper but computing programmes bring it to life by rendering the maths into virtual models that can be played with and reshaped on screen. When students are specifically studying tech, they are being taught with high-level tools, helping them create virtual servers, use VPN’s, learn about open source coding, compile directories and so on.”

But children aren’t the only ones with opportunities to progress in the tech world. With many schools being under equipped to deal with rigours of the modern day, there exists a great selling opportunity, though the financial restrictions can also be a significant factor at play, notes Morley.

“Commonly school computers are old and well past their shelf life, and teachers are well aware of this because technology often takes centre stage in many curricula. But the reality is that many schools are battling with budget cuts. The result is that schools need to feel that they are getting value for money, not only today, but stretching into the coming years. From their perspective, shrinking budgets means that the cost benefits within their budget are hugely important.”

But Morley also argues that schools shouldn’t be entirely gung-ho in overhauling an outdated system and bringing tech into currently tech-less situations. “Some teachers are fearful that computers create more work, which is often true during a transition process, and some may not even be completely comfortable in their ability to use technology. People tend to be much happier when expectations are set. For instance, understanding how long it will take to add computers to the school’s network or the required training following the introduction of new software.

Certainly, making sure that teachers know how to use the tech they’re given and that they are comfortable of doing so is vitally important. A survey from 2015 found that nearly half of teachers rarely use the technology in their classrooms, with a lack of training holding many of those surveyed back. Of the 500 primary and secondary school teachers surveyed, 49.3 per cent of state school educators said that they weren’t effectively trained, compared with 43.9 per cent in independent schools.

Obviously these figures are a few years old at this point and the numbers are likely to have gone down in recent years, but the area of ‘educating the educators’ as far as utilising tech goes is still an ongoing discussion, suggests Morley. “This is also a key concern when a school needs to explore the adoption of new technologies. In short they need to know what is involved in terms of training, how long training will take and is the technology easy to use.”

Technology is not just something that be avoided by educators in the modern day. “Technology is central to teaching,” States Morley. “In the younger classrooms, tablets are universal.

“Though emphasis is still given to the basics, like handwriting, the interactive learning tools available nowadays undoubtedly help equip young minds with basic computer skills and are more visually stimulating than traditional teaching methods. As students develop, technology becomes increasingly important and can be applied to a huge variety of subjects. In some schools it even becomes a collaboration tool between students and teachers, with teachers setting tasks and students then working on, asking questions and submitting work via cloud-based apps.”

Teachers are not the only ones who need to be appropriately equipped to utilise technology in education. The resellers selling into schools play a vital role, and can give key advice to students and parents at the point of sale, Morley argues.

“Many students are actually savvy about basic cyber security such as the need for strong passwords and the importance of two factor authentication. In fact they might have a better grasp of this than their parents. Where their knowledge tends to fall down is phishing attacks and fake websites that specifically target them. Clever hackers understand that different age demographics have different lexicons therefore they will target them with short witty, sarcastic and funny messages. They’ll also try and exploit the fact that most students are perpetually cash-strapped. Parents tend to have awareness of this and also concerned about their teenagers doing senseless things and posting pictures online. Where they both converge is on price. A good price and good deal is everything to students, and parents, who are mindful of tight budgets.

“This is a starting point for resellers and from there they can talk about the important benefits of malware detection such as the need for behavioural-based and layered protection. It’s also useful to provide insight into just how prolific malware is and how many new versions appear each day. Some estimates put it at 360,000 new malware samples a day. A brief dive into threat trends can also be helpful without over selling. For instance, ransomware is still a deadly threat while cryptocurrency mining malware is big in 2018. This helps paint a picture of just how dangerous it is to go online without protection. Even if parents and students are already aware of this, delivering the message in such a detailed manner can really hammer it home.”

We’ve become accustomed to parents being taught about tech by their kids. From getting the right input on the TV to telling mum that she hasn’t actually won a new TV from the pop up ad, younger generations have consistently been the ones educating their elders on how modern technology works. Now that those kids are starting to have their own children, it’s becoming a much more level playing field. Resellers and security vendors like BullGuard can speak to both parties by providing supplemental information.

Regardless of age, we are all learning with and about tech. Perhaps the most important stage of IT education is realising that it doesn’t just exist in the classroom.