For IT professionals in the education sector, security concerns are felt particularly keenly. Like their counterparts in other industry sectors, they worry about the cost and damaged reputation associated with data breaches, but they also must keep students safe online – and recent data breach statistics show that education was the fourth most commonly breached type of organisation in Australia.1
Protecting students online is among the greatest responsibilities for schools, and it is one that IT teams and school leadership take tremendously seriously. But how do you protect students from the perils, without limiting their access to a technology rich education experience?
Australia’s New Notifiable Data Breach Scheme (NDBS)
In 2018, Australia joined many countries in launching its own legislation covering reporting of data breaches. It is important that every school is aware of its obligations to report data breaches, whether caused by cyber-attacks, human error or any other lapse. In fact, of the 262 data breaches reported in the last quarter of 2018, a third were caused by human error. In the education sector, this rose to more than half.2
In a school, where staff in many roles handle data, it is especially important to include staff training in any security plan. An increased focus on automating mundane, manual tasks can also reduce such errors, and can make sensitive data far safer.
Technology in the Classroom
In any classroom, from prep to university, the impact of technology is clear. Apps ranging from maths games to science experiments are giving teachers a massive variety of resources to help them to differentiate content for each child’s needs. Kid today are likely to learn coding and robotics even before they memorise their times tables.
Collaboration, too, is changing education, with students joining lessons and tutorials with peers both locally and worldwide. Assignments are submitted online. And the proliferation of devices students use for schoolwork has grown, stretching the school IT environment far beyond the limits of the Wi-Fi signal. The IT team faces a security challenge unlike any that has gone before.
Securing Many Student Devices
It is hard enough to secure devices within your control against the fast-increasing threat landscape, so how do you protect what is far beyond the school gate? Are those varied endpoints, from visitor laptops to 3D printers, student smartphones to connected whiteboards, vulnerable to intruders? Each presents a possible point of entry, and most are accessed by several people. There is no perfect answer, but every IT professional in an education organisation faces a single truth: visibility is key.
Security Starts with Your Network
You could take many approaches, but since on-campus users are generally mobile, the network is the best starting point. Modern solutions mean that Wi-Fi no longer needs to be a point of raised vulnerability, and it can in fact can aid security. The leaders in this space are Aruba, who have built in features that both address online security and also improve physical safety for students.
This modern Wi-Fi network technology means that when a student’s device arrives on-campus, and moves securely between access points, their attendance can be recorded. This transition, as the student moves from science lab to English class to the sports field, can be done seamlessly, without the first section of each lesson being taken up by the teacher handling login problems. Rather than being a hindrance, strong security increases available teaching time, and ensures that in an emergency, students can be located at any time.
Machine Learning and Security
School environments are typically highly complex, with many different types of users, such as teachers, administrators, students and visitors, moving around a large area. Automation offers important gains. When every user is identified, profiled, secured and monitored automatically upon connection to the network, life becomes easier for helpdesk and IT staff. This type of automation ensures different types of users are defined clearly, so that access to data and systems is carefully controlled.
Put simply, almost every cyber-crime depends on network connection, so this is key to your defence. Investment in security features has made this a competitive battleground, with customers coming out as the winner. Aruba’s resulting ClearPass technology is of particular interest to school IT teams; using artificial intelligence (AI) to interpret information from all devices on the network, the network devices gains insights into behaviour patterns. The devices continually refine this knowledge to help identify irregularities, identifying and segregating risky users or devices. Threats are locked down before they can spread. This is just one example of how AI-enabled network devices offer security gains, while cutting administration time.
As every school knows, though, machine learning and smart networks can only do so much, and education is key. The students themselves, along with administrators, teaching staff and parents, must play a role in protection. Instilling good habits and modelling safe online behaviour, teaching students the importance and value of data, and supporting skills to make sound decisions is a vital element of preparing students for the outside world. Wherever life takes them, your IT security guidance now will have a lasting impact.
Time to review security foundations and compliance at your school, or need to know about safer Wi-Fi networks with easier administration?
Be Proactive, Not Reactive – Contact Somerville to discuss your security strategy.