Cyber security has very much adopted a “not if, but when” mentality to signify the need for a risk management approach in relation to cyber security risks as opposed to the older compliance driven approach. It is my belief that we also need to take a similar approach when it comes to online safeguarding of students.
There was a time when having internet filtering on school computers and an acceptable usage policy was enough to check the safeguarding compliance boxes and be satisfied that a schools had sufficiently met its safeguarding needs. I remember these days when I would check the schools net history on a weekly basis to adjust the filtering and restrict student access to game sites in particular.
Today we find students have phones and other mobile devices which they bring to school, some due to a school BYOD policy and some due simply to the fact that having a smart phone is now part of normal everyday life. These devices all come complete with internet access, including access to social media. Where a school might employ monitoring technologies students can make use of proxy servers, VPNs or an onion browser among other methods to attempt to bypass such technologies. I recently came across a site which would allow anonymous hosting via the Tor network with little to no technical knowledge required. Student might even simply revert to 4G or even 5G to totally circumvent the schools network and any precautions which may the school may have put in place. In the near future, DNS over HTTPS may become the norm which would further make it difficult to block and filter.
In this world we need to accept that no matter what technical measures a school puts in place, students will be able to find a way around such measures. The resultant cat and mouse game between staff and students, with students finding work arounds and then staff seeking to negate them serves no-one, only consuming time and energy on both sides. It is also unlikely to be successful, so we need to accept that in attempting to safeguard students, preventing their access to certain sites and services is likely to be ineffective. Given this the safeguarding focus needs to significantly shift towards awareness and education. We need to seriously look at the discussions in relation to safeguarding which are happening in schools. The opportunities already exist in various subject areas to discuss the implications of big data, cyber security, artificial intelligence, fake news and data profiling to name but a few. We need to ensure that such opportunities are taken and that all schools are confident that they have addressed safeguarding and that thorough discussion with students has taken place. The current political campaigning for example represents a great opportunity to discuss how social media may both report the news but also shape and create it, even influencing peoples decision making.
Online safeguarding used to be a more simplistic compliance exercise, and to some extent these requirements still exist (and the safeguarding guidance certainly still points towards this approach), however we need to take a more holistic view and broader focus. Simply filtering or monitoring specific keywords or categories or banning devices is not enough.