Created on 14 March 2016
The online safeguarding and security challenges facing schools are becoming increasingly numerous and complex. They include:
Schools, local authorities and Regional Broadband Consortia (RBCs) have over many years put a wide range of polices, processes and technologies in place to manage these risks with a great deal of success, such as filtering of email and web content. While these technologies continue to offer very important protections for schools, they can sometimes be defeated by defeated or bypassed via some technologies and techniques, both deliberately in the case of proxy avoidance tools, or accidentally in the case of SSL search.
Proxy avoidance applications can circumvent school web filtering. There are increasing numbers of these and keeping track of and blocking access to them is becoming increasingly difficult. SSL search (where the default for search engines is to operate via encrypted https rather than http) means filtering search queries and results for inappropriate search terms and results is now much more complex, requiring significant engineering changes to filtering systems’ underlying technologies and methods of operation.
The complexity of implementing technical countermeasures to address issues such as these (and the frequency with which new issues emerge) means that additional tools, based on monitoring users’ online activities and flagging inappropriate or dangerous use, can be very useful to augment existing facilities, particularly in the light of the rapid pace of change in this area. They can also be very useful in helping schools meet Ofsted’s requirements in relation to e-safety.
Monitoring and reporting tools enable schools to monitor in real time how their ICT facilities are being used, notifying and alerting staff as appropriate. Clearly such systems are only effective if their outputs are reviewed and acted upon in a timely manner. Solutions which are managed on behalf of schools by third parties can help keep staff and children safe and on-task whilst not placing significant additional technical and administrative burdens on schools, as well as saving time allowing staff to carry out their day to day school duties. They can also minimise the number of “false positive” alerts to ensure schools can focus quickly on any matter requiring urgent action or intervention.
The kinds of facilities monitoring and reporting systems can provide include:
Monitoring and reporting should not be regarded simply as a school IT issue. The approach needs to be embraced and supported by both the school e-safety lead and senior leadership team if it is to be effective.
It is important that all users of school ICT facilities are made aware if a monitoring and reporting solution is deployed. For example, a school’s ICT Acceptable Use Policy (AUP) should clearly state if such a system is in place. Preparation for implementation should involve users (both pupils and staff) to publicise the benefits of the service and encourage buy-in (a top-down approach should be avoided).
Schools should position reporting and monitoring solutions as tools to keep people safe and to maintain the security and integrity of school ICT facilities, rather than as a means of catching people out and punishing them. Monitoring and reporting solutions should form part of a school’s overall approach to safeguarding and encouraging responsible and appropriate use of the internet and ICT.
School AUPs should be current and subject to regular review and update. The school’s AUP provides the underpinning for any monitoring and reporting implementation and so must be current, comprehensive and understood by all users. Schools may also wish to revisit how their AUPs are communicated to users, and also their approaches to user education on e-safety and security matters (see E-Security: Managing and Maintaining Cyber-Security in Schools, 10 Steps To Protect Your School’s Network: A Guide For School Leaders and School E-Security Checklist) as part of implementing a monitoring and reporting solution. Schools may also wish to draw up an additional security policy on the light of the increasing frequency and complexity of e-security risks and issues.
Additional aspects to consider in relation to monitoring and reporting solutions include
Please note: These examples are provided for illustrative purposes only; inclusion here does not imply endorsement by the NEN nor does exclusion imply the reverse. Schools are advised to contact their local authority or RBC in the first instance if considering a monitoring and reporting solution.
Additional advice and guidance from NEN partners includes the following: