8 essential data privacy and security tips for schools
In this era of increasing data sensitivity, the need for schools to effectively meet their privacy and risk obligations is paramount. Here are our top privacy and risk tips that schools can implement to help mitigate the risk of breaches, ensuring the protection of students’ personal data and compliance with regulations.
8 tips for data security
1. Be aware of social engineering
Be aware of social engineering. If you didn’t expect the email, chances are it could be a phishing attempt. If you didn’t expect the call, validate the person’s identity and call them back on their registered office number. If you didn’t expect the person, don’t let them in until validated.
2. Secure your devices and networks
When working remotely, be cautious when using public WiFi networks, as they can pose a significant risk to your school's data security. Instead, consider using a secure and encrypted connection to protect your data. Or better yet; put your laptop away and enjoy your latte instead.
Always make sure your computer is receiving updates to its antivirus, speak to your IT team if you have any doubts.
3. Physical security matters too
Be careful what you leave laying around in the office, ensure your desk remains clear of confidential or personal information.
Always collect your printouts. You will be surprised at what you can sometimes find left on a printer!
Having visitors is lovely, just be careful what they can see and ensure they are accompanied wherever possible.
4. Develop good habits for data security
Always lock your computer when you walk away from it, even if it’s for a couple of minutes. It can take seconds for someone to access something they shouldn’t have access to – imagine the consequences in a school environment. Have you ever had to investigate a situation where a student changed their own behaviour record on a staff computer when it was left unlocked? Don’t start now!
5. Transfer data safely
Always transmit data containing personal information securely.
If you have to use email, then password-protect files that contain personal information before transferring out of your organisation’s control. Deliver the password via another means such as a phone call to the individual.
Double check your “To:” field and always remember to use BCC if contacting large numbers of people.
6. Use USBs and removable media with caution
Avoid using USB sticks altogether for storage of any data that contains personal information. With modern cloud technologies at your disposal, think about changing your habits in this area.
If you have to use a USB stick in your role, consider purchasing an encrypted USB stick. Remember, a lost USB stick with lots of personal information on it could easily become a notifiable breach.
7. Embed security into your work pattern
Consider security at the start of a project, rather than as an afterthought. A Privacy Impact Assessment is a very good way of risk assessing a project at the early stages and ensuring the necessary security controls are in place to protect personal information.
Consider keeping a departmental risk register. Using a risk register can help you remain transparent about any security concerns you have and quickly decide on ways to mitigate the risk. It’s also very useful evidence that you are considering security in your work.
8. Get to grips with your passwords
Consider using a password manager where appropriate and make your passwords suitably complex. On that note, the US National Institute of Standards and Technology (NIST) provide useful recommendations on password management. In short, they recommend a minimum of 15 characters and using a combination of random words instead of your traditional complex password. It will take a while for this to be generally accepted as it’s a significant change to current practice almost everywhere.
The journey to data security and privacy doesn't end here. With these 8 tips, you've taken a crucial step towards safeguarding your school's sensitive information. To stay ahead of the game, consider joining forces with Tes, a trusted partner in education, to access a range of expert resources and practical solutions.
From guidance on data protection regulations to tools for streamlining your workflow, we're here to support you every step of the way. By working together, we can help you build a culture of data security and privacy that benefits everyone in your school community.