Steps to protect school data from cyber-attacks

Schools – like many public organisations – hold a lot of data on their IT systems and equipment. In recent months, the task of managing data security has grown ever-more complicated with many staff and students working and learning from home. The Department for Education (DfE) recently sent an email to school Heads warning them of an “increasing number of cyber-attacks” across the education sector and encouraging school leaders to “urgently review” their cyber defences. This article outlines some key steps your school can take to protect school data.

Why does my school need to protect its data?

Data protection in schools is absolutely vital. Schools hold a huge amount of personal data, including student names, addresses, medical information, and photographs, for example.

Once this information is acquired, it needs to be kept secure. Failure to do so could lead to repercussions for the school management team as well as damaging the school’s reputation. Schools also have an obligation to display a detailed privacy statement on their websites outlining how they use, process, and store personal data.

How can my school safeguard its data?

The Government recommends that a member of the senior leadership team be responsible for safeguarding in schools and implementing appropriate policies.

In the first instance, your school should have a data protection policy that covers the following:

1) Email

What can staff and students share by email? Can your school avoid sending personal data to parents via email? Are your staff using BCC when sending bulk emails to protect parent anonymity?

2) Mobile tech

Your policy should outline the recommended guidelines for safe use of mobile devices. This should include what is acceptable use of personal devices, how staff and students can interact with each other on social media, guidance on accessing personal accounts, and acceptable use of streaming and entertainment services.

3) Chat rooms

Students should only access chat rooms if they’re education-related and if they’re closely monitored. Your policy should also emphasise the importance of protecting personal data when using these.

What other measures can my school take to protect its data?

There is a host of additional measures your school can take to boost its data security and help safeguard against cyber-attacks. These include, for instance:

• Encrypting all personal information stored electronically
• Enrolling all school devices into a mobile device management (MDM) system
• Holding regular staff and student training in cybersecurity and online safety
• Installing anti-virus software and firewalls on school computers
• Keeping devices locked away when not in use
• Managing user privileges to systems so they’re set at the minimum levels and revoked when staff leave
• Password-protecting storage devices such as memory sticks
• Shredding physical copies of confidential material
• Using ‘strong’ passwords
• Using a VPN for staff working from home to ensure data sent to the school’s network is encrypted
• Turning off ‘auto-complete’ settings

Taking these steps to protect your school data should ensure you’re providing clear guidance and adequate protection to staff and students. It will also encourage responsible use of devices such as iPads and make your students more aware of the consequences of sensitive information falling into the wrong hands!

If your school wants to upgrade its IT equipment to support your data protection, contact our expert team!

Tags

• cyber security
• IT
• protect school data