School security: Digital safeguarding isn?t just about managing online access

Author:
Publish date:
stone-school-shutterstock-main-ITCE.jpg

I recently hosted a debate on digital safeguarding and was quite surprised that the conversation seems to be still revolving around simply educating kids about the dangers of online conversations.

We were talking with highly influential people, from NASUWT, Childnet, ParentZone, as well as heads of school. I felt that there was a fixation on the damage that being online can cause, and the knock-on effects on teachers and pupils, rather than a need to solve the root issues.

There were several moments of clarity, one being a comment that kids don’t respect or use the term ‘e-safety’, so we shouldn’t either, and another being that kids don’t distinguish between on and offline conversations or relationships – they are all part of their social mix. I can relate to that, because we’re spending a lot of time with schools who want to foster an environment of location independent learning – bringing education to life with lessons outside the classroom that use elements such as Augmented Reality to bring things online into the offline world. BYOD and one to one device schemes are driven by this change. It’s kind of exciting, seeing technology be such an integral part of day to day life in schools, especially as it’s matching children’s expectations about how life ‘should’ be.

But, at Stone, we feel that the focus needs to also be on the ‘back office’ parts of a school’s technology, for the roots of digital safeguarding strategy to really take hold. No one to one device scheme, or digital policy is going to weather the demands on it, or the attacks on its security, without particular attention to the technology, and the people managing the devices.

We’re working with a lot of schools at the moment to replace their obsolete Windows Server 2003 technology. Much of that is driven by the unique security threats to education that continuing to use it beyond the end-of-life Microsoft has decreed. We think about one in five schools will be left vulnerable.

Sticking with obsolete technology like Windows Server 2003 can lead to a lot of problems for education. In the context of a school, where an “us vs them” culture exists between the general user base and supporting infrastructure, maintaining strong internal defences is essential. The ability to attack and exploit known vulnerabilities has literally become child’s play and can even be executed from mobile phones and tablets. Due to a combination of free access to the required tools, simple user interfaces, readily available information and video learning on how to use the tools and a general teenage desire to “mess around”, any unpatched and out of date systems accessible from networks that students are attached to is a recipe for disaster.

I wonder if enough schools consider that these sorts of attacks can come from within? There’s a lot of focus still on the safeguarding issues sites such as ratemyteacher put into play, but more needs to be understood about the basics, such as the fact that without support on obsolete products, you are also without security, so the bottom line is, everybody in the school, and that school’s data is vulnerable, regardless of the policies, internet management software or pupil education schemes you have in place.

Data compliance and security is a ‘back office’ issue. Education really needs to continue to get its entire house in order, not just the front line of technology.

Image source: Shutterstock

Related