How to create data security training for staff and students | Feb20 Newsletter
When it comes to data security at schools, it’s people — not systems — that represent the greatest threat. Firewalls, antivirus software and even the most sophisticated security measures can only go so far. If a staff member loses a smartphone, tablet or thumb drive, all bets are off: if the device ends up in the wrong hands, you could be dealing with problems far bigger than a missing piece of hardware.
However, it’s not just physical loss that can put data at risk. Schools are attractive targets for cybercriminals, since they hold student, financial and other data that can be used for a variety of crimes, from stealing money to identity theft. Moreover, it only takes a moment of inattention to cause a problem — like when a school’s administrative assistant clicked on an email link and unleashed a four-day cyberattack.
It’s All About the Users
The proliferation of bring-your-own-device (BYOD) policies and learning management systems (LMSes) means that there are more entry and exit points into school systems than ever before. That is why it’s vital that students, teachers, parents and administration be on their toes when it comes to security.
**It only takes a single incident — a shared file, poor password management or deliberate data theft — to kick off a chain of events that can escalate dramatically.
Training is the key. While it is important to have the full suite of security technologies installed on a network, it’s equally important to ensure all staff understand their responsibilities, and that the IT department enforces policies and procedures.
Responsibility sits with IT
School IT departments should take the lead in training users about the risks their actions may present. That does not mean a one-off, in-one-ear-out-the-other approach. The most effective IT departments are not locked away in a corner of the school: they’re visible and known to the kids, and are brought in on in-class and staffroom training.
Best practices for such training include:
Training early, train often. In IT, the goalposts are constantly shifting with new technologies, apps and potential threats. Additionally, staff, students and teachers come and go in a school, which means that training needs to be constantly updated.
Keep it simple. Avoid unnecessary jargon and keep presentations non-technical. Concepts and terminology that are familiar to IT departments may be alien to end-users.
Always explain. Unless a user understands why a rule has been put in place, they are likely to ignore it. IT departments need to give very clear explanations.
Share examples. It helps to provide real-life examples of good practices (e.g. how to spot a virus-filled email) and bad (e.g. what happens when an email virus is unleashed). This helps make the consequences more real for the listeners. Even something as simple as sharing photos of students can have significant security ramifications.
Involve the parents. Parents are increasingly being given access to learning management systems, and so they play an important role in protecting data security and their personal information. Make sure they understand the risks and how to mitigate them.
There are a few easy ways your IT department can familiarise staff and students with data security:
Create short videos of training basics, and make them readily accessible.
Send fake malicious emails to keep staff and students on their toes.
Partner with teachers to see how they might incorporate data security into their lessons.
Keep communicating face-to-face with parents, teachers and students about data security.
The IT department needs to be on its toes in an increasingly online environment at schools. Are you communicating clearly enough? Do staff, students and parents understand the reasoning behind the requests? Do they have suggestions on how issues might be approached differently? Opening the lines of communication between IT and others can help build relationships that boost compliance, providing a vital layer of data security and making your school (and its data) even safer.