IT safeguarding in schools – and how data privacy can actually work against you

Once upon a time, internet filtering was simple. The only devices with internet access that most students had access to were in school and the ways in which students could potentially bypass the filter were scarce (or else only for those students with very advanced IT skills).  

Students would try and bypass the filtering by using web proxies. Network Managers could spot these quite easily and so they would be blocked quickly. It was a case of cat and mouse or to use a horrendous phrase – whack a mole. With the network manager having visibility of what was going on, they could retain control and maintain safeguarding standards.

Your internet filtering system kept students away from harmful content plus allowed you to monitor what students were doing online so you could tick the compliance box in relation to online safety.

Things have moved on. Significantly.

Internet filtering in schools in 2021

Although schools still have internet filtering in place this simply isn’t enough anymore. Firstly, almost every student in secondary school will have their own mobile phone with data connectivity.  The filtering of internet access on your school network is of little use here when students are using their own connectivity for themselves or even sharing it as a wi-fi hotspot for their friends. Add BYOD to the mix and things are even more complicated.

Nowadays, students have access to all manner of tools from VPNs (now advertised everywhere including on TV in relation to personal data security) to the ability to set up a dark website with only one or two clicks. Some services even market the fact they don’t keep logs. Disposable email and social media accounts can easily be created as and when needed. IT-savvy students will maybe even spin-up a virtual PC in the cloud, use it then destroy it when it’s surplus to requirements taking with it any evidence of what it was used for.   

Data privacy – the double-edged sword

The tools that schools have to keep students within a safe internet bubble haven’t changed much over the years. However, the easily accessible and user-friendly tools that students have access to in order to bypass any restrictions have grown significantly.

The increasing need for online privacy and security is moving all sites and services towards systems that are less easy to monitor. It’s a catch-22 situation. 

First it was almost all sites moving from HTTP to HTTPS. The next step seems to be a move to DNS over HTTPS.  Given DNS requests are a key feature of filtering solutions, the encryption of these requests will render filtering solutions unable to see which sites students are actually visiting.  

Striking a balance: IT safeguarding vs digital agility

A solution here is SSL decryption that would allow filtering solutions to decrypt and then re-encrypt DNS requests, as well as data. However this in itself has its implications, and it’s worth Network Managers asking themselves the following questions: 

Is it acceptable to break a fundamental security measure built into sites in the interests of safeguarding?  

  • By breaking the fundamental security of website traffic could we put student data at risk as it traverses our filtering solutions, and if so, is this risk acceptable?  
  • And, is all of this effort worth it if students can simply hop onto their 4G/5G signal and bypass all of these precautions at will?

What was very much a simple compliance measure requiring a filtering solution has now changed significantly. We therefore need to stop looking at this issue in terms of simply having filtering/monitoring in place and consider it from a broader risk point of view:

  • What are the benefits of how we use technology in our school?  
  • What are the risks?  
  • How do we reduce/mitigate these risks? 
  • Do any of our mitigation measures limit potential positive uses of technology and is this acceptable? 

Safeguarding in relation to technology use is no longer simple. It is no longer a simple internet filtering box and a compliance tick-box exercise. Instead it needs to be part of a larger conversation around the benefits and risks of technology use in school, by staff and by students.

The team at CSE is always happy to help advise and guide schools through any IT decisions, particularly when it comes to IT security and managed services. If you’d like to chat to one of us, fill out your details here.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *