Created on 14 March 2016

Background

The online safeguarding and security challenges facing schools are becoming increasingly numerous and complex. They include:

  • Preventing access to inappropriate, harmful or illegal online content, covering areas such as pornography, violence, gambling and copyright infringement.
  • Discouraging and protecting children from harmful online behaviours such as online bullying, sharing personal information inappropriately or dangerously and grooming.
  • Preventing and protecting against online extremism and radicalisation activities: schools and childcare providers have a legal duty to have due regard to prevent people from being drawn in to terrorism (also see this Department for Education press release from January 2016).
  • Preventing and protecting against a wide range of security challenges and threats, such as hacking, distributed denial of service (DDoS) and other cybercrime attacks. The National Crime Agency recently reported that six individuals arrested in connection Operation Vivarium (which targeted users of hacking group Lizard Squad’s Lizard Stresser tool) with were all males aged from 15 to 18.
  • In December 2015, the Department for Education announced that all schools will be required to put in place strengthened measures to protect children from harm online – including cyber bullying, pornography and the risk of radicalisation.

Schools, local authorities and Regional Broadband Consortia (RBCs) have over many years put a wide range of polices, processes and technologies in place to manage these risks with a great deal of success, such as filtering of email and web content. While these technologies continue to offer very important protections for schools, they can sometimes be defeated by defeated or bypassed via some technologies and techniques, both deliberately in the case of proxy avoidance tools, or accidentally in the case of SSL search.

Proxy avoidance applications can circumvent school web filtering. There are increasing numbers of these and keeping track of and blocking access to them is becoming increasingly difficult. SSL search (where the default for search engines is to operate via encrypted https rather than http) means filtering search queries and results for inappropriate search terms and results is now much more complex, requiring significant engineering changes to filtering systems’ underlying technologies and methods of operation.

The complexity of implementing technical countermeasures to address issues such as these (and the frequency with which new issues emerge) means that additional tools, based on monitoring users’ online activities and flagging inappropriate or dangerous use, can be very useful to augment existing facilities, particularly in the light of the rapid pace of change in this area. They can also be very useful in helping schools meet Ofsted’s requirements in relation to e-safety.

 

Monitoring & reporting solutions – what they do

Monitoring and reporting tools enable schools to monitor in real time how their ICT facilities are being used, notifying and alerting staff as appropriate. Clearly such systems are only effective if their outputs are reviewed and acted upon in a timely manner. Solutions which are managed on behalf of schools by third parties can help keep staff and children safe and on-task whilst not placing significant additional technical and administrative burdens on schools, as well as saving time allowing staff to carry out their day to day school duties. They can also minimise the number of “false positive” alerts to ensure schools can focus quickly on any matter requiring urgent action or intervention.

The kinds of facilities monitoring and reporting systems can provide include:

  • Scanning for and flagging harmful or inappropriate activity, reinforcing schools’ acceptable use policies for ICT facilities. Such scanning may be based on images and/or a regularly updated library of words and phrases (including slang) and may detect inappropriate language both typed via a keyboard or displayed as part of a web page.
  • Capturing and logging details of user, device, time and nature of incident, providing evidence (for example, screenshots) to support interventions or sanctions as required. Systems may also provide an immediate response directly to the end user in some instances.
  • Access to reports, alerts and other facilities via a management console.
  • In the case of managed solutions, the third party will contact the school directly in the event of any pre-agreed serious issues where immediate action or intervention is necessary.

 

Implementation considerations

Monitoring and reporting should not be regarded simply as a school IT issue. The approach needs to be embraced and supported by both the school e-safety lead and senior leadership team if it is to be effective.

It is important that all users of school ICT facilities are made aware if a monitoring and reporting solution is deployed. For example, a school’s ICT Acceptable Use Policy (AUP) should clearly state if such a system is in place. Preparation for implementation should involve users (both pupils and staff) to publicise the benefits of the service and encourage buy-in (a top-down approach should be avoided).

Schools should position reporting and monitoring solutions as tools to keep people safe and to maintain the security and integrity of school ICT facilities, rather than as a means of catching people out and punishing them. Monitoring and reporting solutions should form part of a school’s overall approach to safeguarding and encouraging responsible and appropriate use of the internet and ICT.

School AUPs should be current and subject to regular review and update. The school’s AUP provides the underpinning for any monitoring and reporting implementation and so must be current, comprehensive and understood by all users. Schools may also wish to revisit how their AUPs are communicated to users, and also their approaches to user education on e-safety and security matters (see E-Security: Managing and Maintaining Cyber-Security in Schools10 Steps To Protect Your School’s Network: A Guide For School Leaders and School E-Security Checklist) as part of implementing a monitoring and reporting solution. Schools may also wish to draw up an additional security policy on the light of the increasing frequency and complexity of e-security risks and issues.

Additional aspects to consider in relation to monitoring and reporting solutions include

  • How closely do systems fit with the particular requirements of sites and users? For example, are multi-lingual capabilities needed, or particular facilities to support users with special educational needs?
  • As with any proactive service, update and reporting frequencies are very important: how quickly are new threats and issues detected and addressed?
  • Administration and control options also need to be investigated in order to maximise detection accuracy while minimising false positive instances (third party managed solutions can be particularly helpful here in reducing the burden on individual schools).
  • How scalable is the solution – does it stand alone or span multiple sites and/or local authority/regional implementations?
  • If monitoring and reporting is subscribed to as a service, costs, service levels, contractual terms, considerations and commitments all need to be understood and communicated clearly, just as with any subscription based service.

 

Monitoring & reporting solutions – examples

Please note: These examples are provided for illustrative purposes only; inclusion here does not imply endorsement by the NEN nor does exclusion imply the reverse. Schools are advised to contact their local authority or RBC in the first instance if considering a monitoring and reporting solution.

Birmingham City Council – Link2ICT Managed monitoring service for schools

Securus Education – e-Safety solutions for Education, Enforcement and Enterprise

Future Digital

e-Safe Education

 

Further NEN advice on e-safety and cyber security:

Additional advice and guidance from NEN partners includes the following:

NEN – Online safety

London Grid for Learning: online safety & safeguarding

South West Grid for Learning: online safety services

Northern Grid for Learning: Digitally Confident

Birmingham City Council Link2ICT: safeguarding

Share This