Before changes to GDPR came into force, there were a lot of companies and consultancies that were offering advice to schools, and some schools bought into expensive subscriptions for a consultant to review their data management. The risk with this is that it can be costly for the school and outsourcing responsibility in this way does little to engender data security awareness amongst school staff. Since they are the data gatekeepers, that’s a real issue.
The human solution is vital. We believe it’s important for schools to be able to take ownership over this issue themselves, to conduct their own audit with guidance and to have a clear understanding of what is expected of them. This means that training and awareness are the two most important tools for data security. Awareness will help ensure that compliance is a priority when procurement decisions are being made, especially as more and more schools move to cloud-based services. Training means that staff are more aware of when a breach is possible and become more vigilant at securing data.
There are some steps that schools can take to make sure that data remains as secure as possible. Many of these relate to daily procedures, as often it is human error that leads to a breach. Some of these are simple but surprisingly effective, such as setting a 2-minute delay on your emails. It’s all too easy to copy the wrong person into an email and if you’re sending sensitive information, this could have serious repercussions; that 2-minute delay means the email sits in your outbox and gives you the chance to rectify something before it becomes an issue.
It’s also important that the training is reviewed regularly, as risks can evolve, whether through using new systems or from new external cyber security threats. This doesn’t have to be lengthy training, just simple reviews and updates for all staff to remind everyone of the key principles. Without these reviews, the human solution may not be as consistent as it needs to be, and simple errors, such as copying the wrong person into an email with sensitive information, or leaving your laptop on when you leave a room, can lead to significant data breaches.
Threats are evolving constantly, and so are the solutions available to schools. I think the biggest danger actually comes from assuming that what is true today will be true tomorrow – the only way to be sure that you’re up to date on all threats is to review your data security protocols regularly.
Amanda Jackson, Senior Inspector
School Improvement Services