It’s unsurprising that cyber security has been a buzzword recently, considering the number of high profile hacks and subsequent clamour for preventative measures. Often high on the agenda for blue-chip enterprises, is cyber security provision a priority for the education sector?
At the moment, seemingly not.
Our last report into the State of Networking in Education found that cyber-security appears low down the list of priorities for educational organisations, featuring below wireless, cloud hosted services, wired networking, BYOD and MDM. It was certainly a shock when we analysed the results and discovered that security isn't prioritised as much in education as it is in our other markets.
But the question is, why?
It all seems to come down to the focus, within education, on improvements to network 'access'. 68% of those surveyed stated wireless as their top priority over the next three years, and 44% are looking at a significant LAN upgrade in the next year.
The suggestion is that there is a focus on making sure the foundations are in place for the implementation of popular initiatives like BYOD, 1-2-1 iPads and cloud-hosted services. It was no great surprise that these initiatives featured so highly, as they have been popular for many years now, but there was renewed emphasis on reliability with a consistent end user experience.
The demand for access is increasing with the explosion of devices. Whilst fast Internet and cloud based products, like Office 365, are now a must have, there seems to be a culture of 'we don't think we have anything of interest to hackers'. The media publicised hacks are yet to expose schools and as a result many are not yet confronting the issue.
Certainly another contributing factor could be a lack of buy-in from the school decision makers. There will always be more enthusiasm for products that make an instant impact and are clearly visible (e.g new laptops, faster Wi-Fi etc.), leaving issues like security to be responded to in a more reactionary way.
With many schools influenced by teaching staff, who lack high level technical knowledge, the focus is more on the provision and reliability of 'learning technologies' in the classroom. Teachers live in fear of lessons, reliant on technology, failing due to frustrating technical issues and confidence in these methods soon deteriorates when lesson time is not used effectively.
The problem is the threats are there and very real
The difficult situation arises when we consider the very question that prevents organisations from understanding the need to protect the network—'what could the hackers possibly want from my school'? Quite simply, the possibilities are endless and there is certainly no room for complacency when it comes to security in education, regardless of whether systems are online or on site.
We should never underestimate the internal threat of disillusioned pupils who are technically adroit and have plenty of time on their hands. With coding now on the syllabus, and popular online competitions focused around hacking, there is always the possibility that someone on the inside of the network will attempt to put into practice their newly learnt skills in an attempt to compromise the network. It is also worth contemplating disgruntled parents, where there needs to be the consideration that there may be an attempt to extract information from the school.
Data protection, and the governance which surrounds it, should also be a major consideration. These rules are as relevant to schools and colleges as they are to high profile enterprise organisations, like TalkTalk.
We also have an article on how the Prevent Strategy affects schools and higher education, specifically looking at the implications for IT. It reviews the importance of visibility across the network, in order to effectively monitor the behaviour of children and restrict certain content. Whilst this instigated a need to be aware of internal security for the protection of children, it is important not to forget the threat from external attacks.
It’s worrying to see a lack of importance given to network security from schools. It seems to be easier to get funds for technologies that have percieved 'impact' (Wi-Fi, BYOD,1-2-1 etc).
Whilst this is understandable, it is remiss not give due attention to securing the school's IT infrastructure from external sources or internal impropriety. Without these technologies the school will not meet its responsibilities to protect private digital assets and confidential data (including sensitive pupil records).
I suspect security will be an area which will sees the biggest upward shift in the coming years; as the forthcoming 'school hacked' media headlines will push it to the top of the board of governors priority list. In the meantime, it seems as if Wi-Fi and Network performance improvements will remain top of the tree.
Take note...The media will be ready to pounce on the schools who do not take their cyber security responsibilities seriously enough!