As we make greater use of technology in our schools we make greater use of online services. We might make use of an online communication tool to improve on communications with parents. We might make use of Google Apps or Office 365 to allow staff and students to have cloud storage so they can access their files when away from the school or on any device. We might engage with an online maths tutorial site so students can undertake self directed study online and further develop their maths skills. We might make use of a site to manage trips or resource bookings within our school. The number of online services we are using in schools is increasing and therefore we are sharing more and more data with online service vendors.
The above is important to note given the new general data protection regulations are speeding towards us. These new regulations will come into operation in May 2018 and will put a focus on all organisations to prove that they comply. It is therefore important that all organisations including schools get a handle on the data which they have and how it is stored and processed. For schools part of this includes examining where third party services are being used such that the schools data is processed and/or stored by these service providers. We need to be asking what these service providers do to ensure the security of our data.
To aid the above, the need to review third parties, and the increasing use of third party online sites, the government has created their Self Certification process for vendors to self-certify their provision in relation to data protection where they offer cloud software services for schools. You can view this here. The thing that worries me is that as I write this there are only 38 vendors listed which appear to have submitted a self certification. This represents only the very very tip of the iceberg which represents the vast range of services being used by school.
We all need to push vendors to answer questions in relation to the protection of our school data. We need to push them to self-certify and to share what they are doing. We need to ask the difficult questions now before they are asked of us later.
Have you considered the data protection of school data on third party services lately? It is time you did!
Sat on the train going on my way back from London and I noticed my Samsung Galaxy phone was displaying a message telling me that it had detected a Samsung Gear device near me and wanted to connect. The connection it was trying to establish was via Bluetooth which was enabled to allow my phone to connect to my cars audio system. I hadn’t even thought to disable it.
As I look around the train I can see various people making use of mobile devices including laptops as we speed through the countryside. The train is equipped with Wi-Fi thereby allowing everyone to remain connected even as they travel.
Two things worry me about the above. The first worry is that of stray connections such as the one my phone tried to make with another passengers Samsung Gear. As the various people on the train sit watching their video on their device, listening to music or working away their mobile devices are constantly seeking to make connections. To connect to Wi-Fi for internet access, to connect via Bluetooth to external speakers, wireless headphones or in car audio devices. As we use more and more technology our devices become more and more interconnected. In doing so though we expose ourselves to an increasing risk of inappropriate connections being made either due to device error or due to human error, such as if I had accepted the connection which my phone was trying to make without reading the actual message. These inappropriate connections may then give rise to unauthorised access and download of our data or to malicious acts being committed via our devices.
The other thing that worries me is the free Wi-Fi. Now I suspect most people assume that the trains Wi-Fi is sufficiently secure although I cannot be sure of this. The issue is the ease with which a passenger on the train could bring their own Access Point and set up a dummy Wi-Fi network, pretending to be the train providers network, for other passengers to connect to. By doing so the owner of the dummy AP could gather data from those on the train who connect to the dummy AP. This just seems all too easy.
The third thing that worries me is general awareness and consideration of security. I doubt many people other than myself was giving cyber security of the many devices in use in the train carriage I sat in much in the way of consideration. I would love to be able to survey people on a train or in another public space where free Wi-Fi is available in order to prove or disprove this assertion. My belief, until I have any evidence to the contrary, is that we are a little too accepting.
Events such as the recent National Health Service ransomware attack highlights the issue of cyber security however the impact is not limited to big incidents occurring to big organisations like the NHS. It affects each and every one of us, every day, even when sat on a train. Also we cannot afford to be outraged and concerned only when a large breach like the WannaCry virus occurs, before almost instantly returning back to normal and forgetting all about security and the potential risks and implications.
We need a societal shift in terms of our perception of cyber security.
Over the past 2 weeks I have been regularly posting my thoughts in relation to Digital Literacy over on my new blog site as www.beingdigitallyliterate.wordpress.com
So far I have posted on 6 different areas related to digital literacy:
- Digital Literacy: Some initial thoughts on what the term means
- Evolving Technology: How the pace of technological change impacts of digital literacy
- Cross Platform Skills: The need to develop the ability to work across different platforms and software and to learn how to use new solutions as they arise
- Awareness of Technology: We use technology all of the time but are more aware of some technologies we use than we are of others
- Encryption and public safety: The internet provides a safe place for all including those who wish to do that which is evil or illegal but weaker encryption isn’t the answer
- Where’s my data: We sign up to more and more services in doing so share more and more data with the internet
I hope to continue adding the site with regular posts, with each post posing questions to promote thinking and/or discussion. Hopefully over time the site will build to become a useful resource.