How to Improve Your School’s Online Security
The Information Commissioner’s Office has announced that there has been a 43% rise in the number of data security incidents reported by the education sector after the introduction of the General Data Protection Regulation (GDPR).
The rise in reports primarily consists of disclosure issues and cyber-attacks during the summer of 2018. This includes accidentally sending information by email to the wrong address, the loss or theft of data or paperwork, and unintentional verbal disclosure.
This doesn’t necessarily mean that schools are breaching data regulations more now that GDPR is in place. It is likely that reports have risen because schools have become aware of the regulations and are therefore reporting incidents that they would previously have ignored.
However, the rise in cyber-attacks on schools is something that needs attention. Reports of cyber-attacks have risen by 69% in the past year, and not all schools have the expertise internally to protect themselves effectively. We’ve put together some tips for Safer Internet Day to help you adhere to these new rules and keep your school’s network secure.
How to Protect Your School From Cyber Attacks
Spam Emails
Viruses are often spread using mislabeled files - hidden inside downloads or attached to spam emails. You should make sure to verify the sender of the email and the trustworthiness of the attachments or downloads before clicking on anything included in the email.
Spam emails can appear to be from legitimate sources; however, there are warning signs to look out for:
Secure Passwords
When you create a new account, a website will usually give you guidelines on how best to create a secure password; however, following them may not make the password genuinely secure.
Here’s how to make sure your passwords are as secure as possible:
Security Software
It’s important to make sure that your security software is up to date. Keeping up with updates will help protect you from new attacks and viruses.
Firewalls are a major part of a security plan, as they prevent unauthorised access to a user’s network. This is why we offer FortiGate firewalls for all of our customers.
Content filtering services such as SurfProtect block inappropriate websites, which can contain malicious files that can harm your system. Content filtering can also block certain file types from being downloaded by unauthorised staff, cutting out a major vulnerability.
Have you assigned a Data Protection Officer (DPO)?
Every state-funded and private school or nursery must have at least 1 named Data Protection Officer (the responsibility can be shared across multiple staff members). They are accountable for the privacy of all data systems you use and for ensuring compliance with the required regulations.
Choosing The Right People
Choosing your DPO is not an easy job, as the responsibilities of a DPO include: educating the school and staff on important compliance requirements, training staff involved in data processing, maintaining records of all data processing activities and much more.
The new data regulations don’t specify any qualifications that the officer will need, but do request that the officer have expert knowledge of data protection law and practices. The DPO’s information must be released publicly. In addition to their expert knowledge, the DPO will be required to thoroughly understand the school’s IT infrastructure in terms of its technology and its technical and organisational structure. Ideally the DPO will have the ability to work with staff at all levels and have excellent management/leadership skills - but it is the school’s choice whether they hire internally, externally or both.
Hefty fines can come the school’s way for non-compliance, so it’s important that the DPO understands this - doing everything possible to ensure compliance, yet alerting the relevant authorities if such an event occurs.
Points for The DPO to Consider
For more information, you can take a look at the government and ICO guidance on GDPR.