IT Security, Like Physical Security, Requires A Whole-of-School Community Response

IT-Security

By Michael McKinnon.

The continuing evolution of our relationship with the internet will see IT use policies developed by schools shifting from one of blanket technology bans, to values based guidance on safe usage of the web. The focus is increasingly on the positives, such as how online innovations can be explored safely for enhanced learning outcomes.

A 2009 Federal Department of Education, Employment and Workplace Relations funded report, Web 2.0 Site Blocking in Schools, found that 86 percent of Australian schools blocked Facebook, 57 percent blocked YouTube and 14 percent blocked Wikipedia. The report stated that “blocking in schools is a risk management response to the difficult and poorly understood issues that schools face in trying to balance cybersafety concerns with the desire to harness innovative web use”.

Two years since that report, the expanding use of social media would suggest that this block rate has dropped significantly. For example, in April 2011, NSW public school teachers were granted permission to use Facebook, Twitter and other social media in the classroom, albeit while student access remained blocked. Not only that, but the advent of smart phones and tablets – the mobility technologies that have pervaded all our lives – means that we are living in a connected world.

Internet security awareness should know no boundaries. The protection of school IT assets, privacy protections for teachers and online curriculum development must become a whole-of-community program. The success of any school IT use policy requires the ongoing collaboration of teachers, pupils and their families.

The approach to internet security should be treated as we would treat threats and risks in the physical world. Awareness building and practical responses are profoundly more effective than uninformed scare tactics and prohibitions. Nor is there a finishing line when it comes to security; it is a continuous process and we need to keep the message fresh. Curiosity, a love of enquiry and embracing innovation are all positive attributes as long as the observance of care and risk mitigation coexists to underpin, and not overlay, the exploration of technology.

It Won’t Happen To Me

Technology and internet usage saturates modern life. So messages about personal protection and online security need to permeate our consciousness. But getting that through to tech savvy youngsters is not so easy.

Approximately half of the six- to nine-year-old children surveyed in the 2011 AVG Digital Diaries * are regularly talking to their friends online and using social networks, and 60 percent use some kind of children’s social network such as Club Penguin, Moshi Monsters or WebKinz. A staggering 58 percent of parents admit their 10 to 13 year olds have access to mainstream social networks, directly contravening Facebook’s established minimum age restriction of 13 years or older.

Teenagers may not be managing stock portfolios or paying the mortgage online, but their online activity more closely mirrors that of an adult. While technologically adept, these children do not have the equivalent social or emotional maturity, despite what they might think. From kindy kids to teens, they are often under enormous pressure to get the latest gadget, swap passwords as signs of affection, and indulge in the easy nastiness of cyber bullying. Even as they head off to university, the statistics show older teens are still far too trusting in letting ‘friends’ stand around while they use an ATM only to shortly after find their wallets and bank funds missing.

Positive Behaviours

Teaching respect for personal and school property, and respect for others, is the same irrespective of whether it relates to the physical or online world. Given that, for the current generation, the two are often interwoven, the ubiquitous nature of pupils’ IT use means that a collaborative approach is essential to maintain dynamic, relevant IT and internet security guidelines for school and home. These guidelines should be built on human values, not technology features. Inflexible policy risks being sidelined by technically adventurous students, who may perceive it to be out-of-date and unnecessarily restrictive.

The Community In Action

Getting pupils to understand the risks is part of the education process. A boys’ high school in Sydney invited a police officer to come and speak about IT and social networking security. He had classes of cynical teenagers aghast within moments as he proved to them how easy it was to break into someone’s personal profile. Privacy settings and PIN locks were rapidly updated throughout the school community.

Keeping teachers and parents on the same page is vital to instilling the best online behaviours in children. Parents realise they’ve fallen behind the technology game by about the time their child picks up the remote control for the first time. Schools that run Technology for Parents programs have great success in keeping open the lines of communication.

Here are some useful tips to help keep everyone secure online:

1. Same security behaviour for online and physical worlds

Online security and personal protection has a mirror image in the real world: if you wouldn’t say it to someone’s face, don’t say it online. If you wouldn’t want to see these people or establish a friendship group in the real world, then don’t do it online. If you wouldn’t give them your wallet, then don’t let them see your ATM or smartphone PIN.

As you would lock your front door at night, monitor your profile and privacy settings on the various social networking sites and take advantage of any advances in their security offerings.

2. Always on, automatically updated security

Schools and homes should install automatically updated operating systems, and internet and anti-virus solutions not only for computers and laptops but, importantly, ensure that other gadgets such as external hard drives, gaming consoles, USB sticks, tablets and smartphones are also attended to.

3. Size does matter with passwords

Teach students how to set strong passwords, and keep them private. Using the longest word string allowable helps to strengthen your security – see www.grc.com/haystack and experiment with how easy it is to create an un-crackable password by including a combination of upper and lowercase letters, numbers and symbols.

4. Log out

Always log out of every application or social networking site, and always use the highest rather than default security settings.

5. Stop and think before you click

Encourage students to be alert as they explore the internet and teach them how to ‘roll over’ a link to view the real destination before clicking through. Free web link scanning software should be installed to real-time checks for any malware that may be lurking on web pages.

Get Connected Safely

There is a huge body of work in the area of IT security education being produced by government and private sector agencies and it is available free of charge to the teaching and wider community:

1. The Federal Department for Broadband, Communications and the Digital Economy (DBCDE) site www.dbcde.gov.au, has an online safety and security section which encompasses:

  • A cyber safety ‘Help Button’ download page with information and assistance to deal with online safety issues
  • Cyber safety plan, including a range of measures for the education sector
  • Cyber security initiatives to protect home users, students and small business from electronic attacks and fraud.

2. Scamwatch

From the Australian Competition and Consumer Commission.

3. StaySmartOnline

For teachers, teens and children this cyber security website provides information for Australian internet users on the simple steps they can take to protect their personal and financial information online.

4. Cybersmart education program

Managed by the Australian Communications and Media Authority (ACMA): provides internet and mobile safety advice and activities. It also includes a great list of national, state and territory cyber safety policies.

5. Each of the State Government education departments has built its own technology resources.

6. The NSW Education Department

Provides essential information for students, teachers and parents about digital citizenship and being safe, positive and responsible online. It has created a series of lessons covering different aspects of online interactions, including a mock-up site called Tracebook where students learn about using social media sites.

7. The Alannah and Madeline Foundation’s eSmart program

 

Michael McKinnon is Security Advisor for AVG (AU/NZ) Pty Ltd. With more than 20 years’ experience in the industry, he is passionate about new and emerging technologies and committed to educating the community on safe online practices. He is renowned for delivering informative and entertaining presentations on internet security, now and into the future; keeping children safe online, and protecting small businesses from online threats. AVG (AU/NZ) Pty Ltd assists schools with discounts of up to 50% on its award winning protection software that is backed by unlimited, expert technical support.

For more information, please visit www.avg.com.au or email: info@avg.com.au.

 

The following two tabs change content below.
Education Technology Solutions
Education Technology Solutions has been created to inspire and encourage the use of technology in education. Through its content, Education Technology Solutions seeks to showcase cutting edge products and practices with a view to expanding the boundaries and raising the standards of education curricula. It introduces teachers and IT staff to the latest products, services and developments in education technology with a view to providing practical how-to guidance designed to facilitate the integration of those products and services into the school environment in the most productive and beneficial manner possible.

There are no comments

Add yours