Every busy school needs the most secure ICT systems possible. It’s not hard to see why. Firstly, schools hold lots of sensitive information, ranging from student medical records to parents’ bank details. They also have a legal obligation to keep that information safe.

Secondly, schools need to protect their ICT systems from malicious attacks. If a virus or malware takes hold, it can make it almost impossible for a school to function.

Thirdly, schools have a duty to protect students from inappropriate content. Getting this wrong can lead to serious consequences and cause lasting damage to a school’s reputation.

However, in busy schools, it can be hard to keep on top of ICT security. In this blog we share our top tips for making sure your ICT security is effective and that online safety is second nature to both staff and students.

1. Create a ‘Security First’ culture

ICT security is a core aspect of safeguarding. Senior leadership should devise strong ICT policies, make certain they are properly enforced, and ensure they are reviewed regularly. It’s also important to make sure governors are aware of these policies. If you don’t have in-school expertise to create comprehensive ICT security policies, it’s a good idea to work with an external ICT specialist such as ECOM Education to draft them.

2. Ensure physical security of your data

This aspect is sometimes neglected, but it’s vital that schools keep crucial hardware such as hard drives, routers and switches safe. If a school is targeted by thieves, you need to make it as difficult as possible for them to steal both equipment and sensitive data. It’s also a good idea to make sure computers and other devices revert to a password-locked screen when inactive for more than a few minutes.

3. Revisit cloud security

These days, there are significant security advantages to keeping data in the cloud. If sensitive data is not hosted at your school, thieves can’t steal the servers on which it is kept. In addition, good cloud services will handle a lot of your ICT security, such as by applying security patches automatically. The National Cyber Security Centre identifies 14 Cloud Security Principles, designed to help you evaluate the security of cloud services. At ECOM Education, we use these principles to make sure the cloud services we recommend to schools are safe and secure.

4. Use appropriate access control and content filters

Whether you’re setting access controls for staff or pupils, it’s a good idea to only give them permissions to use the apps and services they need for their work or study. Always use appropriate content filters to ensure users can’t access inappropriate or illegal content. It’s always best to err on the side of caution: if a staff member can’t access a needed service, you can always grant permission later if required.

5. Ensure passwords are strong

Always make sure that every user needs a strong password to access school ICT systems. The UK National Cyber Security Centre recommends using passwords made of three random words. Not only are such passwords easier to remember, but they are harder for hacking algorithms to detect.

6. Hold regular training

Schools already have to teach students about online safety. It’s also a good idea to educate both staff and students about online security, such as helping them to spot phishing or spoof emails. ECOM Education can help you devise training sessions that help your users become much more aware of ICT security.

7. Never ignore an update

If apps or services need updating, it’s vital to do this as soon as possible – particularly in the case of security patches and updates. It’s wise to give responsibility for this to either an internal or external expert.

8. Get independent advice

Sometimes it can be hard to take an objective view of your school’s ICT security. That’s where independent experts such as ECOM Education can offer crucial help.

For example, we can conduct regular penetration testing to seek out and repair any security flaws, as well as conduct day-to-day monitoring to detect any unusual activity. We can also audit your systems and recommend secure and cost-efficient hardware and software, not to mention data storage. In addition, we can help you create and implement security policies that make your systems safer, more reliable and simpler to use – while complying with security, safeguarding and data protection requirements.

If you’d like to learn more about how we can help, get in touch with our friendly, expert team today.