Cyber-Security in Schools

Cyber-Security in Schools

Posted on: 9th Dec 2019 by: Gary Henderson

Recent research from LGfL has revealed an urgent need for more cyber-security training within schools.

  • Why is there a knowledge/skills gap here?

  • What could the impact of not having staff with cyber-security expertise be?

  • How could we ensure schools acquire that knowledge?

The issue of cyber-security skills in schools is multi-faceted. There are implications in relation to school IT staff and their cyber-security skills, school leadership, the wider staff body and also the development of cyber-security skills among our students in attempting to prepare them for the increasingly digital world we now live in. It is also worth mentioning the need to also build awareness and skills in parents and the wider community and the importance of cyber-security is only growing.

From a GDPR point of view, each school has a responsibility to protect the personal data they store in relation to staff, students, parents and other members of the community who interact with the school. At this level of analysis, it is the cyber-security skills of IT staff which are likely to matter the most. They must be as well prepared as possible in the face of increasing cyber threats. As a perfect illustration of this, an article in ZDNet[1] indicated that “education users are twice as likely to be targeted than consumer users” by phishing attacks, plus ICO data for quarter 2 of 2019[2] identified that education is the 3rd most common industry to report a data breach, reporting around 11% of all breaches reported to the ICO in the quarter. In 2019 there were significant incidents at education instructions in the US in particular, but also in the UK such as the incidents at Swindon College and Lancaster University. Where schools fail to consider cyber-security they are increasing the risk of a significant cyber-security event. It is at this point I must note that those schools which do identify the risk and take action are not immune to a cyber incident, they just reduce the likelihood and potential impact for when, rather than if, it happens.

Cyber-security skills are key in schools, or any other organisation for that matter, to being prepared. One of the biggest issues is that cyber-security skills cannot remain static as the threats are always changing and evolving and therefore resources must be identified to support continuous cyber-security skills development among IT staff. The challenge here is that this is difficult where resources are limited plus, I believe that often cyber-security, especially of smaller schools, isn’t on the radar of senior staff. It also must be acknowledged that the wider societal need for cyber-security professionals or those with cyber-security skills is also making it more difficult for schools and other educational institutions to source suitably skilled staff.

In the face of the difficulties, we still need to identify a way forward. My suggestion here is first to raise the profile of cyber-security within schools and this involves engaging senior staff as to the risks, to specific examples of where incidents have occurred and to the costs of dealing with an incident. From there hopefully, schools can seek to allocate resources in line with their attitude to risk, whether this is staffing, finance to support the professional development of IT staff, software or hardware or any other resource.

I believe the other key area where action can be taken is in the gathering of threat intelligence. Individually schools are reliant on the skills of their own IT staff and on third parties, who often have their own agendas or profit margins in their mind. Collectively however schools have a much wider pool of knowledge and experience and it is pooling this knowledge and experience that I see the biggest opportunity. One of my favourite phrases at this moment in time is “the smartest person in the room, is the room”.  Not sure where it came from or who said it originally, but it sums cyber-security skills up.  If the IT staff in all schools seek to share their approaches to cyber-security skills development, to cyber-security issues, their challenges and their successes, then we will have a very experienced and skilled room and we will be all the better for it.

Cyber-security risk continues to grow and evolve and therefore the skills needed to prevent or minimise incidents also continue to grow. This is an issue not unique to schools, but an issue which impacts the world as a whole which in itself presents schools a further challenge given, they are unable to match the resourcing available in commercial organisations. It is due to this that I believe the solution is a collective one, requiring schools and other educational institutions to work together, to share and to pull their resources, knowledge and experience together.

Gary Henderson
ANME Member and Director of IT at Millfield School, also a trained teacher with 20 years’ experience across secondary schools, further education and higher education, both in the UK and the Middle East.

Written for Education Executive

References
[1] Ranger, S. 2019. Phishing emails: Here's why we are still getting caught out after all these years. [Online]. [1 December 2019]. Available from: https://www.zdnet.com/article/phishing-emails-heres-why-we-are-still-getting-caught-out-after-all-these-years/
[2] Information commissioners office (ico). 2019. Data security incident trends. [Online]. [1 December 2019]. Available from: https://ico.org.uk/action-weve-taken/data-security-incident-trends/

 


Testimonials from Members & Partners

  • “Fantastic event, with interesting content and very well organised.”

    Alain Squiteri, Sales Director - InVentry

  • I thought the day was excellent. It was really good to have the companies there and invaluable for meeting and speaking with new contacts. I really hope this carries on as it was desperately needed in our field.

    Janet Cannell, Member

  • We’re really proud to be ANME’s platinum sponsor. It’s such a great platform for school network managers to get together and share ideas, plus it provides us the opportunity to speak directly to schools using our solutions and get their feedback and input into new features. Every event is always different, with fantastic speakers providing real insight and ideas on all things edtech.

    Al Kingsley, Group Managing Director, NetSupport Limited

  • ANME meetings provide valuable networking - being able to talk to other professionals doing the same role and understanding their approach and their context. This is a great way to challenge what you are doing in your own setting.

    Neil Limbrick, ANME Ambassador

  • A fantastic online resource of like-minded professionals that you can use to bounce ideas off, chat things through, get advice from. Invaluable.

    Ric Turner, Balshaws Church of England High School

  • The ANME is a priceless resource for anyone working in an IT support role in the education sector. The online forum is lively and informative and the regular meetings provide insight into new products and valuable networking opportunities with peers from other establishments. I've lost count of the number of valuable conversations and helpful tips that I've had since becoming a member. If you've not been to a meeting before then try to attend the next one in your area, you won't be disappointed.

    Dave Leonard, ANME Ambassador and ICT Manager at Matthew Moss High School

  • The ANME has been a great resource when you're a lone IT manager, now you have friends going through the same obstacles as you, with plenty of advice and guidance.

    Michael Frost, ANME Member & IT Network Manager at Parkwood Hall Co-operative Academy

  • Being part of the ANME is like being part of a large corporate IT department, there's always someone you can ask for advice

    Paul Gillon, ANME Member & Network Manager at West Hill School, Stalybridge

  • ANME is like having a team of IT experts at my fingertips. It helps me keep up to date with the latest trends in IT education.
    Rick and the ANME members have always helped when I've needed extra guidance to make great IT decisions

    Clifford Fernandes, ANME Member & IT Manager at Claremont High School

  • I attended my first ANME regional meeting recently which was great. It was Informative, relevant and useful! Unlike some meetings I attend where you get one or two useful nuggets of information, but other bits have been added to the agenda as fillers. Glad to be a member of this group of like-minded individuals.

    Adam Hall, ANME Member & IT Operations Manager at Four Oaks Learning Trust