Jamie E. Smith, Executive Director – Engagement, South Staffordshire College, Co-Founder Statistics24.com

There are few leaders in further education right now who don’t have a heightened sense of awareness of matters relating to cybersecurity. The arrival of the General Data Protection Regulation or GDPR for short, an evolution and enhanced form of the current Data Protection legislation, will be enforced from the 25th May 2018 in the UK and it has significant implications for all organisations handling personal data, perhaps more so than is widely recognised.

Cybersecurity and data protection are big issues. According to research by the British Chamber of Commerce in 2017 a survey of over 1200 businesses reported that one in five UK enterprises had been targeted by cybercriminals. Cybersecurity specialist resource provider CSO estimates that by 2021 cybercrime will cost a mind boggling $6 trillion a year. The same analysis suggests that it is people, not machines, that will form the primary target for the future of cybercrime. It’s a logical evolution for cybercriminals. With over 6 billion internet users forecast by 2022 it is easier to target people than to overcome the challenges of sophisticated firewalls and security systems.  Gone are the old days of clumsy emails notifying you of a large inheritance from a relative in a foreign land you didn’t know, to be replaced by far more sophisticated techniques based on profiling and targeting individuals.

Whilst it is a requirement under the GDPR for organisations handling personal data to take all necessary steps to ensure that systems and processes are compliant, my contention is that this priority focus can be at the expense of a wider and arguably more critical factor, that of people. If your network, policies and systems are GDPR compliant the biggest threat to a data breach likely isn’t a hacker, it’s your own staff and any wider stakeholders with access to your systems. All the work of the IT specialists available to you can be undone in an instant if a colleague makes a simple and avoidable mistake. This is an inconvenient truth.

Lessons from the Hawaii Ballistic Missile Warning.

On the 13th January 2018 the Emergency Alert System of Hawaii issued a warning via text message to every mobile phone in the US state of Hawaii warning of an incoming ballistic missile threat. You may have seen this on the news as it received widespread coverage. Some 38 minutes later further communications were sent out notifying much alarmed residents that the message was in fact a false alarm and should not have been sent. By then residents were very much in what locals might refer to as a state of ‘hamajang’ where everything feels messed up and chaotic. It was also a little too late for Joshua Versola who, given that the end was apparently nigh, had decided to open his hugely expensive award winning bottle of Hibiki 21 Japanese whisky to enjoy in what turned out not to be his final moments.

hawaii 1

The part of the story that got my attention wasn’t featured on the mainstream news, but it certainly went viral on social media. A member of the Hawaii Emergency Management Agency was featured on the evening news as part of the coverage. Within minutes of this happening it had been noted that in the background of the operation centre were a series of computers. On one of the computers was a post-it note. On the post-it note was a password. To a computer. In the Hawaii Emergency Management Agency operations room. On the evening news.

It’s what my ten year old would call an ‘epic fail’.

It’s a powerful reminder of how a simple mistake could have serious consequences. Advertise your passwords and it’s an open invitation for cybercrime to come calling. Whilst passwords will always be a hugely flawed security mechanism until innovation removes the need for them there are steps you can take to mitigate risk. As a general rule it’s better to keep a sophisticated password than to continually change them (assuming your data has not been compromised at any point) and to live by the old saying that three people can keep a secret as long as two of them are dead. Passwords should never be shared and a good test regarding its suitability is to see if a partner or close friend can get close to guessing it.

Bizarrely there are a number of password logbooks for recording all of your passwords and logins available for you to buy on Amazon right now. Just in case you misplace it they usually have bright covers with titles like ‘All your passwords in one convenient place!’ Convenient indeed for anyone who picks it up. A little sensible thinking in exercising good judgement about staying safe in a digital world can go a long way.

Lessons for Education

trading lessons learned

When it comes to the GDPR avoiding own goals is a prerequisite for leaders in education. Raising staff awareness is perhaps your best weapon and whether you call it professional development, training or similar doesn’t matter. It’s about developing a security culture.

Do your staff know to check that the projector they may be using is not beaming their computer screen onto it when handling personal information? Do colleagues make sure that their screen is not visible to anyone unauthorised to see it? Do you have strict policies and controls in place for printing? Over the years I have been horrified to see what can be left on a photocopier, hence I once removed over 600 of them from an organisation leaving only 26 multi-function devices with better security in their place. Imagine the emotional impact to an identifiable person if sensitive and private medical or wider personal information were to be left on a photocopier?

Do you have strict policies in place to limit the use of portable storage media such as memory sticks? Heard about memory sticks being found attached to sets of keys in car parks? Most people on finding them would insert them into a computer with the best of intentions of finding their rightful owner, only to accidentally infect the entire organisation with preloaded malware and consequently accidentally hold the whole organisation to ransom. Such an easy mistake to make, with such big potential consequences. Just ask leaders in the NHS who had to deal with the WannCry ransomware attack that made three quarters of NHS Trusts very ill indeed in early 2017. Think about the example of memory sticks on car parks attached to a random set of keys and a family photo. Curiosity is in all of us and it can have consequences. Just ask a cat.

Unless they are encrypted the GDPR means you should consider banning the use of memory sticks completely. When it comes to cybersecurity they are always bad news.

Do your staff know how to identify a secure website from one that is possibly a fake site designed to capture information? If not, putting on some simple training and providing regular advice and guidance can go a long way. If you don’t have the internal resources to do this (and many Colleges don’t) then there is a wealth of external talent available to assist and whilst it may require a little investment in external advice, the saying that 'if you think education is expensive try ignorance' very much applies.

128989 0

Don’t panic.

 

Your greatest asset in providing assurance of both GDPR compliance and cybersecurity is the awareness of your staff and stakeholders. Providing regular briefings and involving your community in staying safe in the digital age is not just good practice it’s a necessity now.

As our world becomes ever more digitally connected as the classroom moves increasingly from the campus to the cloud, the complexity and impact of cyber-security will only increase.

In that regard GDPR compliance and cyber-security work does not have a deadline of the 25th May 2018. 

It has a new beginning.

by Jamie Smith, Executive Director, South Staffordshire College, Co-Founder Statistics24.com

You may also be interested in these articles:

Register, Login or Login with your Social Media account:


Advertisers

Upcoming FE Events

Advertiser Skyscrapers

Latest Education News

Further Education News

The FE News Channel gives you the latest education news and updates on emerging education strategies and the #FutureofEducation and the #FutureofWork.

Providing trustworthy and positive Further Education news and views since 2003, we are a digital news channel with a mixture of written word articles, podcasts and videos. Our specialisation is providing you with a mixture of the latest education news, our stance is always positive, sector building and sharing different perspectives and views from thought leaders, to provide you with a think tank of new ideas and solutions to bring the education sector together and come up with new innovative solutions and ideas.

FE News publish exclusive peer to peer thought leadership articles from our feature writers, as well as user generated content across our network of over 3000 Newsrooms, offering multiple sources of the latest education news across the Education and Employability sectors.

FE News also broadcast live events, podcasts with leading experts and thought leaders, webinars, video interviews and Further Education news bulletins so you receive the latest developments in Skills News and across the Apprenticeship, Further Education and Employability sectors.

Every week FE News has over 200 articles and new pieces of content per week. We are a news channel providing the latest Further Education News, giving insight from multiple sources on the latest education policy developments, latest strategies, through to our thought leaders who provide blue sky thinking strategy, best practice and innovation to help look into the future developments for education and the future of work.

In May 2020, FE News had over 120,000 unique visitors according to Google Analytics and over 200 new pieces of news content every week, from thought leadership articles, to the latest education news via written word, podcasts, video to press releases from across the sector.

We thought it would be helpful to explain how we tier our latest education news content and how you can get involved and understand how you can read the latest daily Further Education news and how we structure our FE Week of content:

Main Features

Our main features are exclusive and are thought leadership articles and blue sky thinking with experts writing peer to peer news articles about the future of education and the future of work. The focus is solution led thought leadership, sharing best practice, innovation and emerging strategy. These are often articles about the future of education and the future of work, they often then create future education news articles. We limit our main features to a maximum of 20 per week, as they are often about new concepts and new thought processes. Our main features are also exclusive articles responding to the latest education news, maybe an insight from an expert into a policy announcement or response to an education think tank report or a white paper.

FE Voices

FE Voices was originally set up as a section on FE News to give a voice back to the sector. As we now have over 3,000 newsrooms and contributors, FE Voices are usually thought leadership articles, they don’t necessarily have to be exclusive, but usually are, they are slightly shorter than Main Features. FE Voices can include more mixed media with the Further Education News articles, such as embedded podcasts and videos. Our sector response articles asking for different comments and opinions to education policy announcements or responding to a report of white paper are usually held in the FE Voices section. If we have a live podcast in an evening or a radio show such as SkillsWorldLive radio show, the next morning we place the FE podcast recording in the FE Voices section.

Sector News

In sector news we have a blend of content from Press Releases, education resources, reports, education research, white papers from a range of contributors. We have a lot of positive education news articles from colleges, awarding organisations and Apprenticeship Training Providers, press releases from DfE to Think Tanks giving the overview of a report, through to helpful resources to help you with delivering education strategies to your learners and students.

Podcasts

We have a range of education podcasts on FE News, from hour long full production FE podcasts such as SkillsWorldLive in conjunction with the Federation of Awarding Bodies, to weekly podcasts from experts and thought leaders, providing advice and guidance to leaders. FE News also record podcasts at conferences and events, giving you one on one podcasts with education and skills experts on the latest strategies and developments.

We have over 150 education podcasts on FE News, ranging from EdTech podcasts with experts discussing Education 4.0 and how technology is complimenting and transforming education, to podcasts with experts discussing education research, the future of work, how to develop skills systems for jobs of the future to interviews with the Apprenticeship and Skills Minister.

We record our own exclusive FE News podcasts, work in conjunction with sector partners such as FAB to create weekly podcasts and daily education podcasts, through to working with sector leaders creating exclusive education news podcasts.

Education Video Interviews

FE News have over 700 FE Video interviews and have been recording education video interviews with experts for over 12 years. These are usually vox pop video interviews with experts across education and work, discussing blue sky thinking ideas and views about the future of education and work.

Events

FE News has a free events calendar to check out the latest conferences, webinars and events to keep up to date with the latest education news and strategies.

FE Newsrooms

The FE Newsroom is home to your content if you are a FE News contributor. It also help the audience develop relationship with either you as an individual or your organisation as they can click through and ‘box set’ consume all of your previous thought leadership articles, latest education news press releases, videos and education podcasts.

Do you want to contribute, share your ideas or vision or share a press release?

If you want to write a thought leadership article, share your ideas and vision for the future of education or the future of work, write a press release sharing the latest education news or contribute to a podcast, first of all you need to set up a FE Newsroom login (which is free): once the team have approved your newsroom (all content, newsrooms are all approved by a member of the FE News team- no robots are used in this process!), you can then start adding content (again all articles, videos and podcasts are all approved by the FE News editorial team before they go live on FE News). As all newsrooms and content are approved by the FE News team, there will be a slight delay on the team being able to review and approve content.

 RSS IconRSS Feed Selection Page