COVID-19 is rapidly changing the world in which we live, yet the need to protect children from harm remains the highest priority for teachers, parents and society in general. We are all into unknown territory but are rising to the challenge by using every resource available to us.
The ability to communicate remotely and easily between teacher and learner is a game changer and something which schools are striving to implement quickly. It may take a while to achieve a process that works for everyone, but schools are resourceful organisations and will reach a point very quickly which will be appropriate for all.
However, sadly, there is a group of unsavoury people that know that this is happening. It is a brand-new environment for them to exploit and manipulate. They will feed on this unprecedented situation to further their own despicable wishes to steal from or abuse children, the vulnerable and unsuspecting adults.
The edtech community must do everything in its power to stop these opportunists and to ensure no one comes to harm. Data protection has become the first line of defence in safeguarding our schools and its students and it is a priority for all teachers and parents, whether they are working from school or remotely.
For those teachers whose students are working from home, the risks become much higher. This particularly is the case if a teacher has no knowledge of which devices students are using to communicate with them. However, with simple planning and by applying common sense, we can all reduce the risks; here is my advice to teachers, students and parents.
Device sharing and security
Teachers must remember that they cannot share a device at home unless there is strict access control to the areas they use for school. This will include accessing school emails, learning platforms, an electronic mark book, and administration systems such as SIMS. While a teacher might be very careful of what they access, a member of their family may not. It is essential that all devices are fully up to date with the latest security installation updates and they must have appropriate and updated anti-virus and malware. The school IT Security team should be available at all times to advise teachers.
Teachers should know that when using any device they should be very careful which websites they visit, making sure not to open email attachments from unknown sources. Every teacher will be fully trained in data protection following the introduction of GDPR in 2018. Applying what they have learned becomes critical today.
Simple due diligence of free resources
Teachers, schools and parents have been bombarded by the offer of free resources and support when students are not at school. Many are superb and the authors must be congratulated. If a system can be used which involves no data to be entered, registration or file download and is within a secure website which displays ‘https’ then it should be safe to use.
Communicating with students and vice versa
An area of great concern is direct contact with students. While many parents may take exception to this statement as they carefully protect their children’s devices, teachers must assume that every students’ device may be compromised. Any communication between student and teacher must be considered as high risk. Teachers must consider that their email address may have been compromised and thus emails and files from students could contain all manner of dangerous malware; just because you think it’s from a student doesn’t mean it is! There’s a great website you can use to check if your email address has been compromised: https://haveibeenpwned.com/
It brings home the reason to ensure that every device a teacher uses must have up to date virus and malware protection which should include Adware and Spyware, Internet Security, Ransomware, and Phishing protection. These applications will protect from most attacks but not all.
One of the biggest weaknesses in security is responding to something that is expected without considering that it may be a scam. Teachers will be expecting students to contact them and vice versa and will react. Hackers know this flaw of weakness and will exploit it.
There are a few things both students and teachers can do to reduce risks even if their data is hacked. Teachers know their students personally and have no need to communicate anything other than the students’ name, year and class or group. If a teacher appears to be asking anything more than these basic details such as address or phone number, siblings’ details or any other personal details, students should pass the request onto an adult to allow them to manage the request.
If you believe your device or email have been compromised
It is important to remember that protecting students is a priority at such a high-risk time and you must immediately report this breach to your school DPO in accordance with the school’s breach reporting procedure.
Everybody needs to pull together and there is a group of dedicated edtech specialists who are helping schools through this difficult time, not only offering free trials/access but collaborating to ensure schools receive free impartial advice around protecting children and their data. Keep an eye on the GDPR in Schools website for updates on what free resources are available.
Lynne Taylor, founder and co-CEO of GDPR in Schools (GDPRiS)