Yet again in the news, there has been a recent ransomware hack affecting many institutions, not only in the UK but across the world. So why is this important to teachers?
Well, teachers have access to a huge wealth of sensitive data, which in the wrong hands could feed into a larger network of identity thieves, or could end up in a ransom situation, which has already affected some schools.
Current estimates suggest that 30,000 websites are infected with ‘malware’ each day.
Did you know it that it takes only 10 minutes to crack a lower-case, six-character password!
The internet is a resource we increasingly rely on, and as educators we need to protect both ourselves and our students by being vigilant and aware.
So, what can we do?
Inform your colleagues
Although this is a hugely important issue, you’ll be surprised how many schools aren’t even aware they’re at risk, and/or do not have any procedures in place to protect themselves. Here we’ve put together 10 strategies that teachers can use to make a start on protecting school data – and their own personal data.
1. Password strength
Passwords are often neglected, duplicated and undervalued. Yes, your emails are important! Yes, people do want access to them! We’re not talking about simply protecting yourself from a nosey person, we are talking about advanced and savvy operators, adept at entering platforms with no right to be there. Make sure you use a mixture of upper and lowercase letters, both numbers and symbols, and add an extra level of complexity - ‘&’,’%’ or ‘#’ could make all the difference.
2. Email attachments
One of the new-style cyber attacks on the rise involves hackers purporting to be somebody, or a business that you know and trust. ALWAYS check the details of the sender and URLs (links) for any irregularities. If you are unsure, why not search online for details about the specific sender?
3. OS suitability
One of the main reasons for the recent up-rise in ransomware attacks is outdated operating systems. Remember the recent NHS ransomware attack? It worked because the NHS were running some computers with Windows XP, an out of date, 15-year-old system that hasn’t had a software update released since 2008! As Microsoft and other operators move toward newer and more advanced systems, older hardware/software has been left to the side, with no more security updates. This means that when a vulnerability has been found by hackers, these can be taken advantage of without resistance.
4. Staff Training
In a constantly evolving, technological world, it’s very easy to find yourself out of touch. Schools have a duty to ensure teachers are up-to-date with relevant technology. Too often schools invest in technology without ensuring that staff are confident users, meaning any benefit is potentially mitigated.
5. Email Attachment Scanner
Any email attachment that you receive should pass through a filter. If it doesn’t, this will be regarded as serious negligence. You hold the key to a wealth of personal and sensitive information. Prevention is better than cure, especially when we are talking about security.
6. Secure wi-fi (no personal devices)
In a closed environment, schools and organisations in general can control security quite easily, however with wi-fi accessed by any personal mobile or personal laptop, a certain amount of integrity is lost. We understand in many circumstances this is unavoidable, but it has to be pointed out as a vulnerability and the risk minimised.
7. No memory sticks
Whatever you call it, a fob, a USB stick or a memory pen, they are a major risk. A memory stick can hold any virus that any of its previous connections may have had. Therefore, it’s only as trustworthy as it’s least protected destination.
8. Data Protection Policy
All teachers should receive information and training on best practice when it comes to data protection. While the importance of data has grown exponentially over recent years, it has not yet reached its full potential. The families and students whose data you manage, rely on your professionalism and discretion, and schools need to treat this data accordingly.
9. Be honest
Should you click on something, or download something suspect, time is of the essence. Your instincts will tell you to shut down the computer. The most important thing, is that the computer is disconnected from the internet (if you’re not sure how then just switch it off). You should then go to the appropriate person and explain. In most cases this will just be a false alarm, but it is best to be safe!
10. If in doubt get out
If you have a “that’s strange” moment more than once in a session and you have a bad feeling, then trust your instincts … Log out, seek help, and follow school procedures.
Are you sure that the hardware and software that you are using is up to date? Do your staff need training? Is your internet filtering, anti-virus, and firewall protection correct?