Encryption is key to securing education

Mark James

With 25 years’ experience in computing, Mark has been at the forefront of ESET UK’s customer support since its arrival in the UK. Passionate about educating users in the pitfalls of computing, Mark runs the technical education courses for UK channel partners as well as speaking at seminars and other events.

Follow @ESETUK

Website: www.eset.co.uk Email This email address is being protected from spambots. You need JavaScript enabled to view it.

In its recent revision of the guidelines for inspection, Ofsted stated schools must seek to protect and educate pupils and staff in their use of technology. This includes having the appropriate mechanisms in place to intervene and support any e-safety incidents. A school’s network infrastructure, and more importantly the data on it concerning pupils, staff and core admin functions, is arguably its key asset. As such, any e-safety plan needs to extend to the appropriate protection of confidential data.

Ofsted has stated that one indicator of inadequate performance is through unsecured personal data and leaving school websites without adequate encryption. If lost or stolen, the impact upon a school’s finances or reputation can be severe. So how should an adherence to compliance be addressed?

The Information Commissioner's Office recommends the use of encryption software to prevent data leaks. To aid this, schools should look towards specialists for examples of best practise and guidance on how to factor encryption into their wider security practises. Encryption specialists recommend the use of file and email encryption, as well as full disk and removable media encryption. This extends to the encryption of portable devices, such as laptops and iPads, and portable storage media, for example, USBs, CDs and DVDs. Secure shredding – the deletion of old data no longer required by an organisation – should also be considered with the lifecycle of data also in mind, and the ability to scale also ensures security no matter how many devices join the network.

When choosing where to store a device's data, security must be kept in mind. All too often it is lapse-minded employees accidentally leaving devices in public that represent the biggest risk. The ultimate aim of any school’s IT policy should be to create a ‘security aware’ staff and student body. Both groups need to be conscious of the security risks they’re exposed to, how to defend against them, and to feel empowered to intelligently respond. The growing trend for ‘digital schooling’ - whereby tablets function as a key tool in lessons and for homework and further study - means that a firm IT security strategy needs to also be communicated beyond the staff body and practised by all members of a school’s community.

Research by ESET UK into the attitudes of young people towards cyber security conducted earlier this year, suggests 50 percent of those aged 9 to 16 have had no formal internet safety teaching in school. With human error - often the downfall of any security plan - these blind spots in basic cyber education need to be addressed as a priority to ensure a culture of cyber-awareness is fostered in children from a young age.

With Ofsted ratings at risk, the prevention of access to confidential information should be a key focus of any school’s IT security team. Encryption, coupled with education, represents a simple yet effective solution. Low system requirements and minimal maintenance ensures its benefits are experienced by all users. It only takes one theft or loss of a single device to put a network and data concerning pupils at risk. Through encryption, the risk of non-compliance is greatly reduced.

Photo credit: M_Thierry - image has been edited

Read More

Sign up to our newsletter

Get the best of Innovate My School, straight to your inbox.

What are you interested in?

By signing up you agree to our Terms & Conditions and Privacy Policy.

1,300+ guest writers.
ideas & stories. 
Share yours.

In order to make our website better for you, we use cookies!

Some firefox users may experience missing content, to fix this, click the shield in the top left and "disable tracking protection"