Wesleyan Bank

Wesleyan Bank

Data with destiny – how schools can tighten their IT security measures before it’s too late

The value of modern ICT applications and devices to pupils is being increasingly recognised by UK schools, evidenced by them investing over £1 billion in technology in the past five years. ‘Connected’ classrooms, which enable students and teachers to share information and collaborate using integrated systems on a school’s WiFi network, are helping to transform learning across all subjects to replace more traditional teaching methods.

A recent study - Mobile Devices in Early Learning – was carried out on 650 primary school and nursery school children in Belfast to assess how mobile devices influenced pupils’ learning performance over a two-year period. At the end of study, researchers from Stranmillis University College determined that young children’s numeracy, literacy and communication skills improve if they use iPads in school on a regular basis. Contrary to initial fears, teachers discovered that children using handheld devices for learning purposes were highly motivated and engaged with boys particularly showing greater enthusiasm when using digital technology to produce pieces of written work.

In the future, more schools are set to experiment with new technological innovations, such as 3D printing and virtual reality apps, to move away from pupils simply ‘learning’ a subject or topic to ‘feeling’ the content to engage with a variety of learning styles.

Data drowning is creating a sea of opportunity for criminals

Technology’s ability to innovate in education is changing the way teachers are required to collect information and analyse student performance. Government policy now requires schools to capture increasing volumes of data, but fulfilling this principle can be time-consuming and is further restricted by outdated software and unreliable IT infrastructures. ‘Data drowning’ also means that they are at greater risk than ever before of sensitive pupil and school financial data from falling into the wrong hands, which could potentially bring chaos to unassuming education institutions.

Cybercrime is on the increase and UK schools are inviting targets for criminals who are adept at breaching lax IT networks to make significant financial demands. The global cyberattack in May, which brought parts of the NHS to its knees, left UK schools unscathed but warning signals have been sounded. Earlier this year, some schools reported that hackers had demanded payments of up to £8,000 to unlock data they had encrypted with malware.

In the United States, the education sector is the third most likely to be vulnerable to cybercrime. This was highlighted when a school in Los Angeles was forced to make a ransomware payment of $28,000 after criminals had compromised its computer network by infecting IT services, email and other collaborative tools. While there are no comparable examples, security experts warn that UK schools may not be far behind in facing escalating and more sophisticated threats. Online fraudsters, claiming to be from the Department of Education, have tried a combination of cold calling and email scams to gain access to a school’s data which if successful could have caused potentially devastating effects.

The cost of cyberattacks to schools

Financial pressures make schools more vulnerable to cyberattacks. The average ICT budget for a primary school is forecast to be £13,800 in 2017/18 and £58,230 for secondaries, a year-on-year decline of 4 per cent and 7 per cent respectively. In times of pressure, cuts to funding are likely to result in more schools relying on out-of-date IT systems on insecure networks where anti-virus software and security patches may have been installed but have not been subjected to regular maintenance services.

Schools which believe they are less likely to be targeted by criminals due to them only focusing on larger commercial organisations should think again. In 2016, a student in Japan simultaneously brought down 444 school networks through an unprecedented cyberattack. Although the student’s primary motivation wasn’t financially driven, the cost impact on the affected schools will have been substantial.

Without adequate IT security measures in place, schools are likely to fall foul of new European Data Protection Regulations which come into effect in 2018. The legislation will require educational institutions to notify the Information Commissioner’s Office of any serious data security breaches within 24 hours and inform all affected individuals at the same time. Any school or further education provider that does not comply with the new regulations will be subject to fines. This would have certainly happened to one UK school that left a computer running for five days after it had been intercepted by hackers without informing its local authority, resulting in a virus spreading throughout its computer system.

Prevention is better than cure with tailored finance solutions

It is easier to stop something from occurring in the first place than to repair the damage long after it has happened. By deploying advanced firewalls, intrusion prevention solutions and stricter network access controls schools can add additional layers of security to their Wi-Fi network with more than just a password. Leading software systems also enable schools to create and manage users, restrict their permissions and assign individual user log-ins to better safeguard their data. In addition, it’s essential to ensure that anti-viral and anti-malware software is up-to-date and regularly maintained to create a robust a IT infrastructure that is underpinned by a clearly communicated data protection strategy.

Whilst schools may acknowledge the growing threat of cybercrime, many are working to strict budgets which makes it exceedingly difficult for them to sustain investment into IT security, particularly when the scale and complexity is changing. Flexible and tailored asset finance solutions from specialist providers to education institutions, such as Wesleyan Bank, can help. They enable schools to acquire the technology they need and have it installed before they are required to start paying towards the cost of software and associated support and maintenance services.

Paying for new IT equipment over time (typically over one to five years) can assist education institutions to manage dwindling budgets by offering greater predictability over cash flow. In turn, this can help to accelerate return on investment in technology and ensure that modern learning facilities do not become easy targets for opportunist cybercriminals.

Spreading the cost of cyber training and insurance

When it comes to thwarting cybercrime, robust IT systems are as equally important as staff training and awareness. After all, even with sophisticated anti-malware software in place schools only require an unsuspecting end user to click on a link in a malicious email to expose their computer network to hackers. Given that UK pupils now spend over 50 per cent of classroom time engaging with IT, many teachers acknowledge that it has become more paramount for them to be receiving continuous professional development into all aspects of data security.

According to a survey by the British Educational Suppliers Association (BESA), teachers see ICT training as a key requirement with 51 per cent of primary school teachers and 49 per cent of secondary school teachers admitting they need guidance around e-safety issues. Furthermore, BESA’s findings revealed that concerns around the security of data is the main barrier preventing schools from moving to cloud-based IT solutions.

Ongoing IT consultancy services often get pushed to one side or even forgotten in school budgets. Bespoke and unsecured loans from trusted finance providers allow education institutions to invest in security awareness training and 'health check' audits from external IT consultants who can assess a school’s network security processes and flag susceptibilities to minimise potential vulnerabilities. Additionally specialist finance solution providers, including Wesleyan's General Insurance division, offer cyber insurance covering loss in the event of a data breach. Premiums for these insurances can also be paid over time using finance.

Cyberattacks are growing and now arguably represent an even greater threat to education institutions than ever before. Flexible finance solutions enable the purchase of essential security technology and other intangible assets over a set period of time to ensure better cash flow management at a time of Government funding cuts. And although no school may ever be 100 per cent secure, at least they can demonstrate they are doing everything they can to protect and maintain the trust of pupils and parents, while remaining compliant with evolving data protection regulations.

Wesleyan Bank is proud to work in partnership with academies, primary/secondary schools, colleges and universities to help realise their technological and educational potential. From ICT and learning platforms, to recreation and sports equipment, we work with you to intelligently deliver best value investments. As a BESA member you can rely on our knowledge and expertise.