Technology & Innovation - Issue 11

Future-proofed PROTECTION Nicola Pearce explains how building cyber-resilient schools requires a certain level of awareness on the part of staff and students alike I n the current digital landscape, technology has become an integral part of education. With this reliance, however, comes a series of security risks. Nowmore than ever, schools are becoming targets of cyber incidents – be it phishing attempts at stealing passwords, or ransomware attacks that encrypt files – with the result that they can’t afford to overlook the importance of cyber security. Safe digital habits Cyber threats continue to present increasing challenges, because as technology evolves, so too does the threat risk – meaning that the best time to act is now . That said, cyber security improvements should be a collective staff effort, due to the widespread impacts they can have, rather than just remaining the sole responsibility of IT staff. Cyber security helps to instil safe digital habits, so while your IT staff does have a crucial role to play in implementing and maintaining technical defences, one of the most reliable ways of mitigating such risks is to provide suitable education and training for all users – admin staff, teachers, and students. Newdevices It pays dividends for schools to employ the latest technologies. For students, getting hands-on experience with devices and software they’ll likely use beyond school will ensure that their learning is ‘future-proofed’, while for teachers and staff, interactive displays and other such hardware can improve their operational efficiency. Aside fromnot providing as many functions, or being as relevant to future workplace applications, older devices are also more likely to create security loopholes that leave schools more vulnerable to external attacks and data leaks, thanks to outdated firmware and apps. All systems must therefore be kept up to date, so as to ensure optimal device performance and data security. For schools, this is critical. Not only is there likely to be a large number of devices connected to the network, there will also be a range of cases where multiple users are regularly logging in and using the same device – with classroom displays or library laptops, for example – potentially putting students, teachers and staff at risk. Protectivemeasures Secure prevention practices can be implemented to guard against any tampering with, or accessing of assorted settings, user files, and folders. With the aid of secure Account Management System (AMS) and Identity and Access Management (IAM) software, IT administrators can create and manage user accounts by setting unique permissions for individuals or groups, while simultaneously restricting any sections of the network containing sensitive data – such as academic information and student records – to authorised personnel only. These, combined with a single sign-on (SSO) authentication method, will enable users to securely access multiple platforms using one set of credentials, while ensuring that only approved users can retrieve sensitive information. Yet while SSO is an effective method for making logins easier, there can be a danger of some devices using SSO less securely. Interactive displays that allow for SSO via Google and Facebook accounts, for example, can result in students being able to sign in using their own personal accounts, and from there, obtaining access to the wider internet. An inevitable challenge The same goes for when devices are left unattended and unlocked. It’s possible for individuals to take advantage of this, and access private data on a device while a user account is still logged in. Some AMS and IAM systems allowadministrators to prevent this by remotely configuring an ‘idle session logout time’, so that if a teacher ever forgets to log out of their device, the AMS or IAMwill log the user out of their account automatically after a certain period of time. Above all, to allay any security concerns, manufacturers and software developers must be able to provide relevant details of how their ‘smart’ products comply with all minimum- security requirements and obligations. The periodic introduction of new technology is something all schools will now inevitably need to manage for the foreseeable future. As such, cyber security education will remain a necessity for protecting against the numerous online threats and risks that staff and students will surely encounter. However, through appropriate implementation of robust security measures – such as account management systems, multi-factor authentication and regular over-the-air security updates – everyone within your school can collectively minimise those risks and help to create a safer learning environment. ABOUT THE AUTHOR Nicola Pearce is head of education at BenQ 49 S C H O O L S O L U T I O N S teachwire.net